22/09/2021
Cybercrime: The complete overview
Introduction
The advancement of information technology in our everyday life has given rise to developmental changes in our modern society. Now it is possible to bank right from your comfort zone because IT has made it possible for both mobile and internet banking. Even to shop now in our modern society, it is so convenient, so stress-free, that you could be in your house and order for anything you want and before you say anything it has been delivered to your house. All these and many more has been possible with the help of advancement in Information Technology.
However, the advancement in the information technology has also brought a very big threat to the society. There is a big threat because most of the essential services in our modern society today now rely on Information Technology. For example electricity, water, transport, banking systems, food processing all rely on Information Technology. If there is an attack on any of these listed essential services it might have a negative impact on the economy. In this paper I will dwell more light on what cybercrime is, types of cybercrime, categories of cybercrime, some notable cybercrimes, and what to do to prevent cybercrime.
Definition of Cybercrime
Cybercrime can be defined as any criminal activity which involves the use of computer systems, any internet connected devices or anything related to it. It is also any criminal activities carried out which involve the use of computer systems and computer network. Cybercrimes includes accessing illegal material online, stealing money from online bank account, impersonating online and so on.
Why Cybercrime?
1.Passion: Cybercrime can be committed by individual just because such individual want him/her to be recognized in the society. The aim of this attack however is not meant to hurt anyone but rather to let people know what they are cable of.
2.Money: Cybercrime can also be committed by individual in order for such individual to make quick cask. They are the type that attack e-commerce website, attack Automatic Teller Machines, banking fraud and so on.
3.Believe and Misconception: other people commit this crime because of believing in a cause. Take for instant the terrorist group all over the globe now, they get themselves involved in cybercrime while trying to fight for what they think is their right cause.
4.Information Availability: Confidential information are everywhere in the cloud without appropriate security measures in place. And this encourages cybercriminal to initiate unauthorized access to such information and use it for their own needs.
Some common types of Cybercrime
1.Phishing: Phishing is a method used by an attacker to collect sensitive information such as card pin, passwords, and username and so on. This is done in a malicious way especially using electronic communication (email). It can be further explaining as the act of sending falsifying a company’s email address and use it to send email to user as if the person sending the email is authentic.
a.Deceptive Phishing: Under this type of phishing, an email is sent from an attacker to the user pretending to be member of their company in order to gain access to some vital information. The email always comes in a deceptive way that it will be difficult for the user to know the difference between the original and the fake.
b.Malware-based Phishing: Malicious software can be sent as an attachment via mail to user. Immediately the user download and double click on it, it will run a malware program which create a backdoor for attacker on that particular PC. Key loggers and screen loggers are example of a malware-based phishing.
c.Session Hijacking: This is a type of attack in which the attacker uses a malicious software to monitor user’s activities until the user sign into an account that the attacker is interested in.
2.Social Engineering: It can be defined as the act of manipulating people by the attacker in order for them to give away vital information to the attacker. We have five common known types of social engineering namely:
a.Tailgating: This is a type of attack which involves someone or an attacker who does not have the proper authentication tool or ID card to access a building following an employee of that building into restricted area of the building.
b.Quid Pro Quo: It is when an attacker request for information in exchange for some compensation.
c.Pretexting: It is when an attacker has his/her attention on creating a good pretext or fabricated story that can be used their target’s personal information.
d.Phishing: It is the most common type of social engineering. An attacker send a fraudulent or scam email in order to obtain personal information of their target.
e.Baiting: This is done when an attacker promise their target an item or services in exchange for information.
3.Identity Theft: Identity theft is the illegal use of someone else’s identity information to perpetrate fraud.
4.Denial of Service Attack: This is a type of attack in which a device or network resources is made unavailable by the attacker. This mostly achieved by flooding the machine or the network resources with many unreasonable traffics. This type of attack can be categorized in to three namely:
a.Volume Based Attacks: This type of attack is carried out by an attacker to over flood the bandwidth of a targeted website. Example includes UDP floods, ICMP floods, etc.
b.Protocol Attacks: This a type of attack carried out by an attacker to fully utilize server or network resources. Examples of this type of attack are fragmented packet, ping of death, etc.
c.Application Layer Attacks: It is an attack targeted towards web servers by an attack with the aim of crashing the web server. Examples include DDOs attack, Windows or OpenBSD, Zero-day DDoS Attack etc.
5.Cyberbullying: it is the use of internet or technology to harass, oppress, threating, embarrass or targeting another person. We have five different types of cyberbullying namely:
a.Harassment: This involves repeatedly sending of offensive message to a person or a group of persons.
b.Flaming: Flaming refers to online fight between persons using email, instant messages, and online chat rooms.
c.Exclusion: This is d act of singling out a person or group of person out of a discussion or chat.
d.Outing: This is the act of sharing someone’s personal and private information publicly by a bully without seeking the person’s consent.
e.Masquerading: This is when a bully create for himself/herself another identity to harass someone online.
6.Salami Slicing Attacks: A Salami attack is a small attack which can be carried out in a repeated number of times. Example of Salami attacks is Salami shaving attack that a banker used to remove one naira each on every account on daily basis for over ten years.
7.Credit Card Fraud: It is a type of fraud which is carried out by an attacker using a credit card. We have several types of credit card fraud. Let me mention few of them
a.Lost or stolen cards: This occur when the original owner misplace the card or an attacker stole the card from the owner.
b.Account Takeover: This happen when the card owner willingly give the attacker his/her card info without knowing. The attacker then call the bank and changes every single information about the account and take it over.
c.Never Received: This occurred when a new or replacement card in stolen in transit without the owner receiving it.
8.Scams: There several scams present online today. Yahoo scam and others are very common. An avenue that people dupe people all in the name of love, travelling, green card and so on.
How do we then prevent Cybercrime?
1.User ID & Password Creation: For multiple accounts, it is advisable to use different user id and password. When selecting password the following must be taken into consideration:
a.Your password must be at least 8 characters long.
b.Your password must not contain any of your names, your estate or house address, your birthdate, your school name, your church name or anything close to you that an attacker might easily guess.
c.Also, make sure your password does not contain a full word.
d.Your password must contain characters from uppercase letters, lowercase letters, numbers, and alpha numeric characters.
e.Your password must not be a dictionary word.
2.Secure your Computer: Your computer can be secured by doing the following.
a.Strong Antivirus Software: It is advisable that a very strong antivirus software is installed. The type and antivirus program that can prevent malware spread, can block Trojan, and that can prevent any unauthorized change to the system files.
b.Windows Firewall: It is very important that you activate the windows firewall. This will allow the some traffic to pass and block those in your black list.
c.Update Patches: It is necessary that you install update security patches on a daily basis. This will further enhance your window security
d.Pop ups and Ads: Whenever you are working with your computer online and a pop up or Ads comes out, such that when you click takes you to a funny website. It is advisable that you don’t click on such.
3.Data Protection: It is advisable to protect your data with any protection techniques especially encryption method.
4.Secure your Mobile Device: Mobile phones are always vulnerable to viruses and worms, so therefore it is advisable that you download stuffs from known sources.
5.Be in control of your social network: It is advisable that all your social media networks are set to private mode. Be careful of whatever information you shared on your social media networks. Don’t forget to always check the security settings of all your social media networks.
6.Secure your wireless Network: Wireless network are always prone to attacks, it is advisable that you secure your network with any of the known good encryption technique.
7.Only Shop on secure Site: It is advisable that you are sure about the security of a website before you start to enter your card information.
8.Don’t share your card details on website: It is very dangerous to share our card details on a platform you don’t have control over. You might be giving to much information to the attackers.
References
1.F. Lorrie, editor. “Proceedings of the Anti-Phishing Working Groups”, 2nd Annual eCrime Researchers Summit 2007, Pittsburgh, Pennsylvania, USA, October 4–5, 2007, vol. 269 of ACM International Conference Proceeding Series. ACM, 2007.
2.Er. Harpreet Singh Dalla, Ms. Geeta. "Cyber Crime – A Threat to Persons, Property, Government and Societies", International Journal of Advanced Research in Computer Science and Software Engineering, Volume 3, Issue 5, May 2013
3.R. Anderson, C. Barton, R. Bohme, R. Clayton, M. van Eeten, M. Levi, T. Moore, and S. Savage. “Measuring the cost of cybercrime”. In Proceedings of 11th Annual Workshop on the Economics of Information Security. Springer, 2012.
4.K. M. Finklea and C. A. Theohry. Cybercrime: Conceptual issues for congress and U.S. law enforcement. Technical report, Congressional Research Service, 2012.
5.Harvey B. (2004). Computer hacking and ethics. University of California, Berkeley. Retrieved July23, 2004 from http://www. cs.berkeley.edu/ ~bh/hackers.html
6.http://www.acorn.gov.au/what-is-cybercrime/
7.http://www.infosecurity-magazine.com/cybercrime/
Starting June 16th, vaccinated EECS faculty, staff, and students can voluntarily return to their offices, labs and other research spaces in Cory and Soda Halls if they follow the procedures outlined in the EECS Safety Manual. Building restrictions for non-affiliated collaborators, event attendees, a...
