Scrapb

COMPUTER CRIME

ook S
BY
JAMES BEAUCAR
B
QUITOS
 Malicious Program is intrusive program or software that is designed to damage and destroy computers and
computer systems. Malware is a contraction for “malicious software. Examples of common malware includes
viruses, worms, Trojan viruses, spyware, adware, and ransomware.

Examples of Malicious Programs

Virus
 A virus is malicious software attached to a document or file that supports macros to execute its code and spread from host
to host. Viruses are designed to disrupt a system’s ability to operate. As a result, viruses can cause significant operational issues
and data loss.

Worms
Worms are a malicious software that rapidly replicates and spreads to any device within the
network. Unlike viruses, worms do not need host programs to disseminate. A worm infects a device
via a downloaded file or a network connection before it multiplies and disperses at an exponential
rate.

Trojan virus
Trojan viruses are disguised as helpful software programs. But once the
user downloads it, the Trojan virus can gain access to sensitive data and then modify, block, or delete the data.
This can be extremely harmful to the performance of the device. Unlike normal viruses and worms, Trojan
viruses are not designed to self-replicate.

Spyware
Spyware is malicious software that runs secretly on a computer and reports back to a remote user. Rather than simply
disrupting a device’s operations, spyware targets sensitive information and can grant remote access to predators. Spyware is often
used to steal financial or personal information.

Adware
 Adware is malicious software used to collect data
on your computer usage and provide appropriate advertisements
to you. While adware is not always dangerous, in some cases
adware can cause issues for your system. Adware can redirect
your browser to unsafe sites, and it can even contain Trojan
horses and spyware

Ransomware
Ransomware is malicious software that gains access to sensitive information within a system, encrypts that information so
that the user cannot access it, and then demands a financial payout for the data to be released. Ransomware is commonly part of a
phishing scam.

Fileless malware
Fileless malware is a type of memory-resident malware. As the term suggests, it is malware that operates from a victim’s
computer’s memory, not from files on the hard drive. Because there are no files to scan, it is harder to detect than traditional
malware.
 A Denial of Service (DoS) causes computer systems to slow down or stop. It is an attack that is meant to shut down a
machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with

traffic, or sending it information that triggers a crash.

Examples of Denial of Service (DoS)

3. SYN flood
1. Teardrop Attacks
or IP Fragmentation Attacks 2. User Datagram Protocol
flooding

In this type of attack, the hacker sends a
specially crafted packet to the victim. In
order4.toPing of death
transmit data across networks,
IP packets are broken down into smaller
packets. This is called fragmentation.
In a ping of death attack, the attacker
sends a packet larger than 65,536
bytes, the maximum size of a packet
allowed by the IP protocol. The
packets are split and sent across the
internet. But when the packets are
reassembled at the receiving end, the
operating system is clueless about
how to handle these bigger packets,
so it crashes.
User Datagram Protocol (UDP) is an
unreliable packet. This means the
sender of5.the
Exploits
data does not care if
the receiver has received it. In UDP
flooding, many UDP packets are sent
to the victim at random ports.
Exploits for servers can also cause
DDoS vulnerability. A lot of web
applications are hosted on web
servers, such as Apache and Tomcat.
If there is a vulnerability in these web
servers, the attacker can launch an
exploit against the vulnerability. The
exploit need not necessarily take
control, but it can crash the web
server software. This can cause a
DoS attack.
TCP is reliable connection. That means it
makes sure that the data sent by the
sender is completely received by the
receiver. To start a communication
between the sender and receiver, TCP
6. Botnets
follows a three-way
handshake. SYN denotes
the synchronization packet
and ACK stands for acknowledgment.
Botnets can be used to carry out
DDoS attacks. A botnet herd is a
collection of compromised
computers. The compromised
computers, called bots, act on
commands from a C&C server.
7. Reflective DDoS attacks and amplification
attacks
In this kind of attack, the attacker uses a legitimate
computer to launch an attack against the victim by
hiding its own IP address. The usual way is the
attacker sends a small packet to a legitimate
machine after forging the sender of the packet to
look as if it has been sent from the victim. The
legitimate machine will, in turn, send the response
  There are several groups of cyber criminals
responsible for
carrying out ransom DDoS attacks, such as
DD4BC, Armada
Collective, Fancy Bear, XMR-Squad, and

Lizard Squad.
 These groups t arget enterprises. They will first send out an
extortion email, followed by an attack if the victim does not
pay the ransom.

Rogue Wi-Fi hotspots imitate legitimate Wi-Fi

hotspot in order to capture personal information.
A rogue hotspot is a Wi- Fi access point set up by an
attacker. It's meant to mimic a legitimate hotspot provided
by a business, such as a coffee shop that provides free Wi-Fi
access to its patrons.
o Example, you are having a chicken
pepperoni pizza in your favorite Papa John’s
restaurant and you want to get yourself
on to their public WiFi
network to connect with your
friends on Twitter. You turn
on your phone’s WiFi and
search for the available
hotspots, and there you see
two names almost identical to
one another:

o Papa John’s WiFi

o Papa_John’s Free WiFi
Finding entry into someone’s computer network and
leaving
a prankster’s message may seem like fun, which is why
hackers do it. It is still
against the law. Moreover, even if the manipulation
seems harmless, it may
cause a great deal of anxiety and wasted time among
network users.
Finding entry into someone’s computer network and
leaving
a prankster’s message may seem like fun, which is why
hackers do it. It is still
against the law. Moreover, even if the manipulation
seems harmless, it may
cause a great deal of anxiety and wasted time among
network users.
Finding entry into someone’s computer network and
leaving
a prankster’s message may seem like fun, which is why
hackers do it. It is still
against the law.
Moreover, even if the
manipulation seems
harmless, it may
cause a great deal of anxiety and wasted time among
network users.
Data manipulation involves changing
data or leaving prank messages.
 Examples of Data Manipulation
To understand it better, consider a
theoretical example of the stock market.
Imagine an attacker succeeds in breaching
the IT system and performs a data
manipulation attack of any company.
Additionally, imagine the company is a
major play like Amazon or Uber. It would
cause immediate panic in the stock
market. As a result, people will start
selling their shares in a rush, which will
produce losses to these companies and shareholders.
“Not long ago, cyber-attacks by data manipulation [attacks] were the most discussed topic with its various aspects. These attacks
were transforming with use of numerous techniques,” says John Martin, head of research department at CrowdWriter. Indeed, attacks have
evolved past malware encrypting data on a local system. Lately, a cyber-attack called “WannaCry” was causing destruction to other
systems by infecting them. This has caused more responses to cyber-attacks rather than restoration of data from backups. This will
increase the number of vendors.
Hacking and Phishing in California
While California Penal Code Section 502 specifically deals with the unlawful use of computers, computers play a role in countless
other criminal cases in the state. At the firm's official website, Neil Shouse, former Los Angeles prosecutor now of the Shouse Law Group
of California, lists some of the most common computer-related crimes committed in the state.
Among these common offenses, hacking and phishing are both federal crimes, covered in 18 United States Code, Sections 1028
and 1030, also known as the Computer Fraud and Abuse Act. Computer trespassing, more commonly called hacking, occurs when
someone maliciously accesses a computer without permission. Penalties may include up to 10 years in federal prison, with severity
determined by the nature of the trespass; hacking government computers predictably leads to hefty consequences.
 Phishers fraudulently obtain personal information by impersonating
someone else or infect computer systems with viruses or malware as means to
access info, which is often financial. Phishing convictions come with three
to 15 years in prison and fines of up to $250,000, plus forfeiture of any personal
property used or intended to be used in the crime.
Fraud by Input Manipulation
Fraud by input manipulation occurs where false or misleading
data are input into a computer to achieve a specific criminal purpose: for
example, decreasing the amounts entered into a store inventory database to hide the theft of a product.
Fraud by Output Manipulation
Fraud by output manipulation occurs where data or software is input into a computer in order to affect what the computer outputs:
for example, using a stolen bank account number to make unauthorized withdrawals from an ATM.
Computer Forgery
Computer forgery occurs whenever a computer is used to create a fraudulent document or illegally alter an otherwise legal
document: for example, using a computer to create a fake identification badge.
Fraud by Program Manipulation
Program manipulation occurs when data or software in a program is altered to commit or facilitate a crime.

Identity Theft is illegal assumption of a person’s identity for economic gain. Identity theft is primarily
used to perform financial transactions using accounts in your name. These can be making purchases using a credit
card nu mber or taking out a loan for a car. Less commonly, it is used to obtain medical insurance, file fraudulent
tax returns, impersonate another individual during an arrest, open phone or wireless services, or even attempt
blackmail.

Examples of Identity Theft

Stolen Checks
If you have had checks stolen or bank accounts set up fraudulently, report it to the check verification companies. Close your checking and
savings accounts and obtain new account numbers. Give the bank a secret password for your account (not your mother’s maiden name).

ATM Cards
If your ATM card has been stolen or is compromised, get a new card, account number and password. Do not use your old password. When
creating a password, don’t use common numbers like the last four digits of your Social Security number or your birth date.

Fraudulent Change of Address

 Notify the local postal inspector if you suspect an identity theft has filed a change of address with the post office or has used the mail to
commit credit or bank fraud. Find out where the fraudulent credit cards were sent. Notify the local postmaster for the address to forward all mail in
your name to your own address. You may also need to talk to the mail carrier.

Social Security Number Misuse

Call the Social Security Administration to report fraudulent use of your social security number. As a last resort, you might want to change the
number. The SSA will only change it if you fit their fraud victim criteria. Also, order a copy of your Earnings and Benefits statement and check it
for accuracy.

Passports
If you have a passport, notify the passport office in writing to be on the lookout for anyone ordering a new passport fraudulently.

Phone Service
If your long distance calling card has been stolen or you discover fraudulent charges on your bill, cancel the account and open a new one.
Provide a password, which must be used anytime the account is charged.

Driver License Number Misuse

You may need to change your driver’s license number if someone is using yours as identification on bad checks. Call the state or District of
Columbia office of the Department of Motor Vehicles (DMV) to see if another license was issued in your name. Put a fraud alert on your license.
Go to your local DMV to request a new number. Also, fill out the DMV’s complaint form to begin the fraud investigation process. Send
supporting documents with the complaint form to the nearest DMV investigation office.

False Civil and Criminal Judgements

Sometimes victims of identity theft are wrongfully accused of crimes committed by the imposter. If a civil judgment has been entered in your
name for actions taken by your imposter, contact the court where the judgment was entered and report that you are a victim of identity theft. If you
are wrongfully prosecuted for criminal charges, contact the state Department of Justice and the FBI. Ask how to clear your name.
 I nternet scams are scams over the Internet usually
initiated by e-mail and involving phishing. It is a crime in
which the perpetrator develops a scheme using one or
more elements of the Internet to deprive a person of property or any interest, estate, or right by a false
representation of a matter of fact, whether by providing misleading information or by concealment of
information.

Examples of Internet Scams

1. Foreign Lottery Scam
The foreign lottery scam is one of the most common types of email scams, in which you receive what looks like an official email
from a foreign lottery corporation.
2. Survey Scam
This common email scam looks innocent enough. When you click on the link to take the survey, malicious spyware or malware
is installed on your computer. Once this occurs, cybercriminals can spy on every move you make on your computer, collecting
passwords, bank account information, and more. Suddenly, you may see thousands of dollars worth of charges on your credit
card bill for purchases you never made.
3. PayPal or Online Credit Card/Banking Scam
At first, you may really believe there’s something wrong with your PayPal account, as you will receive an email that appears to
be from PayPal with a warning message such as, “Act now, or your account will be deactivated,” or “Security breach on your
account.” This would cause you to panic, open the email, click the link, and log in to your account.
The problem is that you’re not really on PayPal’s website, but rather a false website designed to look identical to PayPal.

4. Mystery Shopper Scam

The secret shopper (or mystery shopper) scam has several different variations, but all are designed to steal your money, your
information, or both. This common work-from-home scam attempts to suck you in with an email featuring a subject line
promising you a large income, simply by working as a mystery shopper.
Here is a short list of the most common types of social networking scams:
6. Hijacked Profile Scam
7. Quiz Scam
Quizzes could end up costing you a monthly charge.
It starts out innocently enough: You see the quiz on your friend’s profile, click on it, and enter your cell phone number as
instructed. The quiz pops up, you take it and find out you’re more an Alice than a Bella, and promptly post it on your profile
for all of your friends to see and participate in.
When next month rolls around, you’re shocked to learn that a $9.95 fee has been added to your cell phone bill for some
dubious “monthly service.” Remember that the quiz asked you for your cell phone number in order for you to take it? You
were so anxious to get the results that you didn’t even
stop to wonder why they wanted it.
8. Suspicious Photo Scam
Is one of the most common ways online con artists obtain
login information to hijack an account One of your
friends, whose account has been hacked, posts a link on
your page with a message such as, “OMG! Is this a
naked picture of you?”
This causes you to panic and you click the link, only to find yourself back at the Facebook login page. You figure it’s just one
of Facebook’s many glitches and login again.
By doing this, you’ve just disclosed your Facebook (or Twitter) account login information. Now, some cybercriminal is out
there using your profile to attempt to scam your friends.
If you see a suspicious link, simply delete it and send a message via email or text message to your friend to warn them they’ve
been hacked.
9. Hidden URL Scam
When you receive a new follower on Twitter, check out their previous updates. Do they all look like spam? Do they follow
thousands of people, yet have few followers of their own? Is their profile picture worthy of a Victoria Secret or Maxim catalog
cover? If this is the case, beware. Clicking on their links could take you to a website where spyware or malware might be
downloaded onto your computer without your knowledge.
10. Sick Baby Scam
It uses a picture of a sick baby to get donations directly to the account of the scammer.
 Cyberbullying is using the Internet, smartphones, or other devices to send/post content
intended to hurt or embarrass another person.

Harassing Someone
 Using text messaging, instant messaging and email to harass, threaten or embarrass the target.
 Engaging in “warning wars.” (Many Internet Service Providers and social media sites offer a way to
report a user who is saying something inappropriate. Kids use these report buttons as a way to get the
victim in trouble or kicked offline.)
  Posting rumors, threats or embarrassing information on social networking sites such as
Facebook, Twitter, and Instagram.3
 Participating in text wars or text attacks, which occur when bullies gang up on the victim and send
thousands of texts. These attacks not only cause emotional distress but create a large cell phone bill.
Impersonating Someone
 Developing a screen name that is similar to the victim’s screen name and then posting rude or hurtful
remarks while pretending to be the victim.
 Stealing the victim’s password and chatting with other people while pretending to be the victim. The
bully will say mean things that offend and anger the victim’s friends or acquaintances.
 Changing the target’s online profile to include sexual, racist or other inappropriate things.
 Setting up an account on a social networking site and posting as the victim while saying mean, hurtful
or offensive things online.4 Actual photos of the victim may be used to make the account look
authentic.
 Posing as the victim and posting in chat rooms of known child molesters, hate groups or dating sites.
The bully may even provide the victim’s personal information encouraging those in the groups to
contact the victim.
 Pretending to be someone else in order to lure an unsuspecting person into a fake relationship. This
type of activity is often called catfishing.
Using Photographs
 Taking nude or degrading pictures of the victim in a locker room, a bathroom or dressing room
without his or her permission.
 Threatening to share embarrassing photos as a way of controlling or blackmailing the victim.
 Sending mass emails or text messages that include nude or degrading photos of the victim. This
behavior is often called “sexting,” and once the photos are sent, there is no way to control it. The
photos can be distributed to hundreds of people within just a few hours.
  Posting nude pictures on photo sharing sites for anyone on the Internet to view and download.
 Using photographs to shame someone online. One common tactic teens use is to engage in slut
shaming. This behavior involves shaming someone, usually a girl, for the way she dresses, acts or the
number of people she has dated.
Creating Websites, Blogs, Polls, and More
 Developing a website with information that is humiliating, embarrassing or insulting for the victim.4
 Spreading rumors, lies or gossip about the victim online through websites or blogs.
 Posting the victim’s personal information and pictures on a website, which puts the victim in danger
of being contacted by predators.4
 Creating a blog about the victim that is embarrassing, insulting or humiliating.
 Using the information that was shared in confidence and making it public.
 Conducting an Internet poll about the victim. Questions in the poll may vary including everything from who is ugly and who
smells to who is dumb and who is fat.
 Posting rude, mean or insulting comments about the victim via the chat option of online gaming sites.
 Sending viruses, spyware or hacking programs to the victim in order to spy on the victim or control his or her computer remotely.
Participating in Video Shaming 
 Using a camera phone to video and later share a bullying incident, which may include one or more kids slapping, hitting, kicking
or punching the victim.
 Downloading a video of something humiliating and posting it to YouTube in order to allow a larger audience to view the incident.
 Sharing a video via mass e-mail or text messaging to humiliate and embarrass the victim.
 Creating an incident that causes another person to become upset or emotional and then record the incident. This type of activity is
often referred to as cyberbaiting. Teachers are a common target for cyberbaiting incidents.

Engaging in Subtweeting or Vaguebooking

 Posting tweets or Facebook posts that never mention the victim's name. Yet the victim, the bully and often a larger audience know
who the posts are referencing.
 Using subtle posts and tweets to fuel the rumor mill while avoiding detection by teachers, administrators, and parents.
 8TIPS
IN
MAKING
A
PASSWORD

2. MAKE YOUR 3. INCLUDE NUMBERS,

1. MAKE YOUR
PASSWORD A NONSENSE SYMBOLS, AND
PASSWORD LONG. UPPERCASE AND
PHRASE.
LOWERCASE LETTERS.
 6. START USING A
PASSWORD MANAGER.
5. DO NOT REUSE
4. AVOID USING OBVIOUS PASSWORDS. Password managers are services
PERSONAL that auto-generate and store
INFORMATION. strong passwords on your
behalf. These passwords are
kept in an encrypted,
centralized location, which you
can access with a master
password.
7. KEEP YOUR PASSWORD
UNDER WRAPS.
Don’t give your passwords to anyone
else. Don’t type your password into
your device if you are within plain
sight of other people. And do not
8. CHANGE YOUR
plaster your password on a sticky
PASSWORDS
note on your work computer.
REGULARLY.