PENDIDIDKAN SENI VISUAL

SEPTEMBER 2011

OUMH1203

ENGLISH FOR WRITTEN COMMUNICATION

MATRICULATION NO IDENTITY CARD NO. TELEPHONE NO. E-MAIL LEARNING CENTRE

: : : : :

830419145640001 830419-14-5640 016-3286843 hacinta21@yahoo.com PETALING JAYA LEARNING CENTRE

TABLE OF CONTENTS

Title 1.0 Introduction 2.0 Defining Cyber Crime 3.0 Types of Cyber Crime 4.0 Classifications of Cyber Crime 5.0 Cyber Crime In Malaysia and USA 6.0 Preventions and Suggestions for Cyber Crime 7.0 Conclusions 8.0 Appendix 9.0 References

Page number 2 3 4 7 10 13 17 18 20

830419145640001

Page 1

OUMH1203

1.0 Introduction of Cyber Crimes

Cyber crime also known as computer crime the use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy. Cybercrime, especially through the internet, has grown in importance as the computer has become central to commerce, entertainment, and government. Because of the early and widespread adoption of computers and the internet in the United States, most of the earliest victims and villains of cybercrime were Americans. By the 21st century, though, hardly a hamlet remained anywhere in the world that had not been touched by cybercrime of one sort or another.

830419145640001

Page 2

OUMH1203

2.0 Defining Cybercrimes New technologies create new criminal opportunities but few new types of crime. Criminals do not need a computer to commit fraud, traffic in child pornography and intellectual property, steal an identity, or violate someone's privacy. All those activities existed before the cyber prefix became ubiquitous. Cybercrime, especially involving the internet, represents an extension of existing criminal behavior alongside some novel illegal activities: Thomas, D. and Loader, B (2000) Most cybercrime is an attack on information about individuals, corporations, or governments. Although the attacks do not take place on a physical body, they do take place on the personal or corporate virtual body, which is the set of informational attributes that define people and institutions on the internet. In other words, in the digital age our virtual identities are essential elements of everyday life: we are a bundle of numbers and identifiers in multiple computer databases owned by governments and corporations. Cybercrime highlights the centrality of networked computers in our lives, as well as the fragility of such seemingly solid facts as individual identity. Cyber crime may be said to be those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime

830419145640001

Page 3

OUMH1203

3.0 Types of Cyber Crime

Hacking: This kind of offence is normally referred as hacking in the generic sense. However the framers of the information technology Act 2000 have no where used this term so to avoid any confusion we would not interchangeably use the word hacking for unauthorized access as the latter has wide connotation. Theft of Information Contained In Electronic Form: This includes information stored in computer hard disks, removable storage media etc. Theft may be either by appropriating the data physically or by tampering them through the virtual medium. Email Bombarding: This kind of activity refers to sending large numbers of mail to the victim, which may be an individual or a company or even mail servers there by ultimately resulting into crashing of the entire system. Data Diddling: This kind of an attack involves altering raw data just before a computer processes it and then changing it back after the processing is completed. Salami Attacks: This kind of crime is normally prevalent in the financial institutions or for the purpose of committing financial crimes. An important feature of this type of offence is that the alteration is so small that it would normally go unnoticed.

830419145640001

Page 4

OUMH1203

Denial of Service: The computer of the victim is flooded with more requests than it can handle which cause it to crash. Distributed Denial of Service (DDoS) attack is also a type of denial of service attack, in which the offenders are wide in number and widespread. Logic Bombs: These are event dependent programs. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus). Virus or Worm Attacks: Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer's memory. E.g. love bug virus, which affected at least 5 % of the computers of the globe. The losses were accounted to be $ 10 million. The world's most famous worm was the Internet worm let loose on the Internet by Robert Morris sometime in 1988. Almost brought development of Internet to a complete halt. Trojan Attacks: This term has its origin in the word Trojan horse. In software field this means an unauthorized programme, which passively gains control over anothers system by representing itself as an authorized programme. The most common form of installing a Trojan is through e-mail. E.g. a Trojan was installed in the computer of a lady film director in the U.S. while chatting. The cyber criminal through the web cam installed in the computer obtained her nude photographs. He further harassed this lady.

830419145640001

Page 5

OUMH1203

Internet Time Theft: Normally in these kinds of thefts the Internet surfing hours of the victim are used up by another person. This is done by gaining access to the login ID and the password. E.g. Colonel Bajwas case the Internet hours were used up by any other person. This was perhaps one of the first reported cases related to cyber crime in India. However this case made the police infamous as to their lack of understanding of the nature of cyber crime. Web Jacking: This term is derived from the term hi jacking. In these kinds of offences the hacker gains access and control over the web site of another. He may even mutilate or change the information on the site. This may be done for fulfilling political objectives or for money. E.g. recently the site of MIT (Ministry of Information Technology) was hacked by the Pakistani hackers and some obscene matter was placed therein. Further the site of Bombay crime branch was also web jacked. Another case of web jacking is that of the gold fish case. In this case the site was hacked and the information pertaining to gold fish was changed. Further a ransom of US $ 1 million was demanded as ransom. Thus web jacking is a process whereby control over the site of another is made backed by some consideration for it.

830419145640001

Page 6

OUMH1203

4.0 Classification of Cyber Crimes We are currently living in Cyber age, where Internet and computers have major impacts on our way of living, social life and the way we conduct businesses. The usage of information technology has posed great security challenges and ethical questions in front of us. Just as everything has positives and negatives, usage of information technology is beneficial as well as insecure. With the growth of the internet, network security has become a major concern. Cyber crimes have emerged rapidly in the last few years and have major consequences. Cyber criminals are doing everything from stealing money, hacking into others computer, stealing intellectual property, spreading viruses and worms to damage computers connected on the internet and committing frauds. Stoppage of cyber crimes is a major concern today. Cyber criminal make use of the vulnerabilities in computer softwares and networks to their advantage. The subject of cyber crime may be broadly classified into 4 major categories as:

Cyber crime Against Individual

Cyber crimes Against Property

4 Major Categories of Cyber Crime Cyber crimes Against Organization Cyber crimes Against Society

1) Against Individuals (I) Email spoofing: A spoofed email is one in which e-mail header is forged so that mail appears to originate from one source but actually has been sent from another source II) Spamming: Spamming means sending multiple copies of unsolicited mails or mass e-mails such as chain letters.

830419145640001

Page 7

OUMH1203

III) Cyber Defamation: This occurs when defamation takes place with the help of computers and or the Internet. E.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information. IV) Harassment and Cyber stalking: Cyber Stalking Means following the moves of an individual's activity over internet. It can be done with the help of many protocols available such at e- mail, chat rooms, user net groups.

2) Against Property: I) Credit Card Fraud: II) Intellectual Property crimes: -Software piracy which is illegal copying of programs, distribution of copies of software. -Copyright infringement -Trademarks violations -Theft of computer source code III) Internet time theft: The usage of the Internet hours by an unauthorized person which is actually paid by another person. 3) Against Organization I) Unauthorized Accessing of Computer: Accessing the computer or network without permission from the owner. It can be of 2 forms: a) Changing or deleting data: Unauthorized changing of data.

b) Computer voyeur: The criminal reads or copies confidential or proprietary information, but the data is neither deleted nor changed.

830419145640001

Page 8

OUMH1203

II) Denial of Service: When Internet server is flooded with continuous bogus requests so as to denying legitimate users to use the server or to crash the server. III) Computer contamination or Virus attack: A computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of it. Viruses can be file infecting or affecting boot sector of the computer.

Worms, unlike viruses do not need the host to attach themselves to.

IV) Email Bombing: Sending large numbers of mails to the individual or company or mail servers thereby ultimately resulting into crashing. V) Salami Attack: When negligible amounts are removed and accumulated in to something larger. These attacks are used for the commission of financial crimes.

VI) Logic Bomb: Its an event dependent programme, as soon as the designated event occurs, it crashes the computer, release a virus or any other harmful possibilities.

VII) Trojan Horse: An unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing. VIII) Data diddling: This kind of an attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed.

830419145640001

Page 9

OUMH1203

4) Against Society I) Forgery: Currency notes, revenue stamps, mark sheets etc can be forged using computers and high quality scanners and printers. II) Cyber Terrorism: Use of computer resources to intimidate or coerce others. III) Web Jacking: Hackers gain access and control over the website of another, even they change the content of website for fulfilling political objective or for money.

830419145640001

Page 10

OUMH1203

5.0 Cyber Crimes in Malaysia and USA Most of the cyber crimes in Malaysia and USA are similar but the percentage of cyber crimes is different. According to Cyber Security in Malaysia they announced that total of 28, 871security incidents referred since 2007 till June 2011. The types of incidents are

contending related, cyber harassment, fraud, intrusion, intrusion attempt, malicious code, spam, vulnerabilities report and denial of services. 75% of cases were detecting from law enforcement agencies such as police, central bank and securities. From January 2011 to September 2011 Cyber999 handled 11,930 incidents which is 38.0 percent. The reason of the increasing number of incidents is because Internet users are not coping well with the variation of cyber security matters and safety risks that occur each day via their email, social media application and online business transaction. Other than that more than 17 million of internet users and the number are growing due to the support from the robust development of broadband infrastructure. Security expert Norton by Symantec, in its Cybercrime Report 2011, said Internet users throughout the world had lost US$114bil (RM355.6bil) to online scams over the past 12 months. It also showed that more than a million cyber crimes were committed daily with 14 people falling prey to online crimes each second. And it was reported that 12,990 cybercrime cases had been reported to police over the past four years in Malaysia, with losses amounting to RM109.6mil. In USA a team of scientists found that 95% of credit card transactions for spam operations were handled by only 3 firms, as reported by the ADWEEK on May 20, 2011. Based on the responses agencies, financial institution, medical institutions and universities , the top 10 types of attacks or misuse with the percentage Based on the responses of 494 computer security practitioners in American corporations, government agencies, financial institutions, medical institutions, and universities.

830419145640001

Page 11

OUMH1203

The top 10 types of attacks or misuse with the percentage given in parentheses are Insider abuse of net access 59%,Virus 52% ,Laptop or mobile device theft 50%,Phishing 26%,Instant messaging misuse 25%,Denial of service 25%,Unauthorized access to, information 25%,Bots within the organization 21%,Theft of customer/employee data 17% and Abuse of wireless network 17% .The survey also showed that the total losses for 2007 added up to US$66,930,950 based on 194 responses, up from US$52,494,290 (for 313 respondents) in 2006. The average loss per respondent was $345,005 for 2007, up from $167,713 in 2006. In terms of amount of losses by type of attack, financial fraud registered the highest amount (US$21,124,750) followed by virus (worms/spy ware) (US$8,391,800).

830419145640001

Page 12

OUMH1203

6.0 Preventions and Suggestions for Cyber Crimes Cyber crime is becoming ever prevalent in our society. More and more, companies and individuals rely on the services and resources provided through networks and computers. Companies may be dependent on the data to conduct business, while individuals may store information that is important to their personal or work-related activities. Due to this, it becomes vital that steps are taken to protect computer systems and the data thats stored on them. It is important to remember that no system can ever be completely secure. The only network, Web site, or computer system thats 100% secure is one that cant be accessed by anyone or anything, which makes it completely unusable. Natural disasters, malicious, users who make mistakes or motivated criminals can compromise security and or cause damage. The goal for securing your system should be to balance security with accessibility. With that in mind, here is Top 10 list of steps we can take to avoid becoming a victim of cybercrime. 1) Education - Hackers arent the only ones who can gain power from information. By educating yourself about the types of scams that exist on the Internet and how to avert them, you are putting yourself one step ahead of the cybercriminals. Since phishing is prevalent, read up on the latest phishing scams and learn how to recognize a phishing attempt. Remember, phishing is when hackers attempt to lure you into revealing personal information by pretending to be a legitimate organization or person. These scams often play off major new stories, so keep informed on the latest news-related scams.

2) Use a firewall - Firewalls monitor traffic between your computer or network and the Internet and serve as a great first line of defense when it comes to keeping intruders out. Make sure to use the firewall that comes with your security software. And if you have a home wireless network, enable the firewall that comes with your router.

830419145640001

Page 13

OUMH1203

3) Click with caution - When youre checking your email or chatting over instant messenger (IM), be careful not to click on any links in messages from people you dont know. The link could take you to a fake website that asks for your private information, such as user names and passwords, or it could download malware onto your computer. Even if the message is from someone you know, be cautious. Some viruses replicate and spread through email, so look for information that indicates that the message is legitimate.

4) Practice safe surfing - When navigating the web, you need to take precautions to avoid phony websites that ask for your personal information and pages that contain malware. Use a search engine to help you navigate to the correct web address since it will correct misspellings. That way, you wont wind up on a fake page at a commonly misspelled address. (Creating a phony site at an address similar to the real site is called typo squatting, and it is a fairly common scam.) You may also want to use a product like McAfee Site Advisor software to help you navigate. Site Advisor software is a free browser tool that tells you if a site is safe or not right in your search results, so you are warned before you click.

5) Practice safe shopping - In addition to practicing safe surfing, you also need to be careful where you shop online. Be cautious when shopping at a site that youve never visited before and do a little investigation before you enter your payment information. Look for a trust mark, such as McAfee SECURE, to tell you if a site is safe. And when youre on a payment page, look for the lock symbol in your browser, indicating that the site uses encryption, or scrambling, to keep your information safe. Click on the icon to make sure that the security certificate pertains to the site you are on. You also want to look at the address bar to see if the site starts with https:// instead of http://because this is another way to see if the site uses encryption. When it comes time to pay, use a credit card instead of a debit card. If the site turns out to be fraudulent your credit card issuer may reimburse you for the charges, but with a debit card your money is gone. Finally, evaluate the sites security and privacy policies in regards to your personal data.

830419145640001

Page 14

OUMH1203

6) Use comprehensive security software and keep your system updated - Because hackers have a wide variety of ways to access your system and information, you need comprehensive security software that can protect you from all angles. Software like McAfee Security Center, available preloaded on Dell PCs, can help protect you from malware, phishing, spyware, and other common and emerging threats. Just make sure that you keep your security software up to date by selecting the automatic update function on your security control panel. And dont forget to perform regular scans. You also want to update your operating system (OS) and browser with the latest security patches. If you are a Microsoft Windows user, you can enable automatic updates to keep your OS safe. 7) Secure your wireless network - Hackers can access data while its in transit on an unsecured Wireless network. You can keep the hackers out by enabling the firewall on your router and changing the routers administrator password. Cybercriminals often know the default passwords and they can use them to hack into your network. You may also want to set up your router so it only allows access to people with passwords that are encrypted. Check your owners manual for instructions on setting up encryption.

8) Use strong passwords - Although it may be easier for you to remember short passwords that reference your birthday, middle name, or pets name, these kinds of passwords also make it easy for hackers. Strong passwords can go a long way in helping secure your information, so choose a password that is at least 10 characters long and consists of a combination of letters, numbers and special characters. Also consider changing your password periodically to reduce the likelihood of it being compromised.

9) Use common sense - Despite the warnings, cybercrime is increasing, fueled by common mistakes people make such as responding to spam and downloading attachments from people they dont know. So, use common sense whenever youre on the Internet. Never post personal information online or share sensitive information such as your social security number and credit card number. Exercise caution when clicking on any links or downloading any programs.

830419145640001

Page 15

OUMH1203

10) Be suspicious - Even if you consider yourself cyber savvy, you still need to keep your guard up for any new tricks and be proactive about your safety. Backup your data regularly in case anything goes wrong, and monitors your accounts and credit reports to make sure that a hacker has not stolen your information or identity. Although protecting yourself does take some effort, remember that there are a lot of resources and tools to help you. And by adopting a few precautions and best practices, you can help keep cybercrime from growing.

830419145640001

Page 16

OUMH1203

7.0 Conclusion Computer crime definitely must be taken seriously. Attacks can come from a computer across the room or computers located in another country. The threat could be external or it could be internal. It may have financial impact, it may deal with child pornography or it m has increased over the years and many more unreported, the development of computer crime laws and policing initiatives must grow in tandem. Tackling computer crime is similar to tackling computer security, you have to start from the basics and address one thing at a time. As long as there is a system in place to punish the wrongdoers, as long as there is public awareness of the potential seriousness of such crimes, I believe that there will be much headway in computer crime law and investigation in the coming years in Malaysia and around the world. One important element that I found to be similar between most of the cases was the strength of the investigation team and the support it has received from its counterparts whether locally or internationally. It is submitted that Malaysia must have up to date laws to effectively deal with the cybercrimes that comes along with the Internet. To this end, Malaysia must constantly check and conduct measurements to determine the use utility of its current laws to combat cybercrime. One cannot deny that the online environment cannot and will never be rid of cybercrimes due to the Internets unique architecture.

830419145640001

Page 17

OUMH1203

Appendix Cases of Cyber Crime in Malaysia and USA WEDNESDAY, AUGUST 10, 2011 (202) 514-2007 WWW.JUSTICE.GOV TTY (866) 544-5309 BROOKLYN MAN PLEADS GUILTY TO ONLINE IDENTITY THEFT INVOLVING MORE THAN $700,000 IN REPORTED FRAUD Defendant Possessed Information from More Than 2,300 Credit Card Accounts WASHINGTON A Brooklyn, N.Y., and man pleaded guilty today in U.S. District Court in Alexandria, Va., for his role in managing a credit card fraud operation that operated throughout the East Coast of the United States, announced Assistant Attorney General Lanny A. Breuer of the Justice Departments Criminal Division and U.S. Attorney Neil H. MacBride of the Eastern District of Virginia. Jonathan Oliveras, 26, pleaded guilty before U.S. District Judge Gerald Bruce Lee in the Eastern District of Virginia to a two-count criminal information charging him with wire fraud and aggravated identity theft. Oliveras admitted to managing a scheme to purchase stolen credit card account information through the Internet from individuals believed to be in Russia. Oliveras also admitted to distributing the purchased information to individuals in the New York, New Jersey and Washington, D.C., metropolitan areas so that it could be used to make fraudulent purchases. In pleading guilty, Oliveras admitted to illegally possessing information from 2,341 stolen credit card accounts as well as equipment to put that information onto counterfeit credit cards. According to information presented in court, companies have reported to the government more than 4,400 fraudulent charges totaling $770,674 on accounts illegally possessed by Oliveras. Oliveras also possessed 409 gift, debit or credit cards used as part of the scheme, which had a total stored value of $42,688. Sentencing for Oliveras is scheduled Oct. 28, 2011, at 9:00 a.m. EDT. He faces a maximum penalty of 20 years in prison and a fine of $1,541,349 on the wire fraud charge, and two years in prison and a $250,000 fine on the identity theft charge. The case is being prosecuted by Michael Stawasz, a Senior Counsel in the Criminal Divisions Computer Crime & Intellectual Property Section and Special Assistant U.S. Attorney in the Eastern District of Virginia, and Assistant U.S. Attorney Ryan Dickey of the U.S. Attorneys Office for the Eastern District of Virginia. The case was investigated jointly by the Washington Field Offices of both the U.S. Secret Service and the FBI, with assistance from the New York and New Jersey Field Offices of both agencies.

830419145640001

Page 18

OUMH1203

Bernama- THE Information, Communications and Culture Ministry have opened 20 investigation papers on cyber crimes in the first three months of this year. The crimes comprised dissemination of lies, misuse of information, defamation, sedition and pornography. Deputy Minister Datuk Joseph Salang Gandum said investigations were carried out under Section 211 and 233 of the Communications and Multimedia Act 1998 (Act 588) which provided a jail term not exceeding a year, or a fine up to RM50,000, or both, upon conviction.

He said this in reply to Datuk Zaitun Mat who wanted to know how far the government would go to fight cyber crime threats. "Last year, 582 investigation papers were opened and probed, 422 of which were under Section 211 and 233 of the act. Apart from the act, those found to have abused the internet can also be charged under the Banking and Financial Institutions Act 1989, Capital Markets and Services Act 2007, Sedition Act 1948, Defamation Act 1957 or even under the Penal Code. "Besides taking the culprits to court, the Malaysian Communication and Multimedia Commission (MCMC) will also block the access to phishing, fraud, illegal investment and pornography websites.".

The MCMC had also set up a bureau to receive complaints to identify and probe those responsible for providing and disseminating such content. -- Bernama

830419145640001

Page 19

OUMH1203

8.0 References Websites:

1) http://www.spamfighter.com/News_Show_Other.asp?M=3&Y=2011 2) http://www.nrps.com/community/comprev.asp 3) http://www.cybercrime.gov/bloomberg.htm 4) www.cybersecurity.my/en/knowledge_bank/news/.../index.html 5) http://www.gomamu.com/subjects/technology/text/cyber_crime_02.html

Bibliography:
6) Thomas, D. and Loader, B. (2000) Introduction cyber crime: law enforcement,
security and surveillance in the information age, in: D. Thomas and B. Loader (Eds.), Cyber crime: Law Enforcement, Security and Surveillance in the Information Age,

830419145640001

Page 20

OUMH1203