Introduction
Improvements made in information systems and telecommunications in the past 70 years have propelled humankind into a new ‘Age of Information’. The information age is characterized by ease of communication, fast processing power and a wide spread of technology. The internet is one of the main products of the information age. Computers and the internet are increasingly becoming ubiquitous in homes, businesses and government offices and indispensable to governments and businesses around the world.
The internet has been in popular use for over twenty years now. More and more functions of everyday life are being incorporated into the internet. People’s dependence upon the internet encompasses both their personal and professional lives. One of the unfortunate effects of this dependence upon the internet is that when internet services are disrupted for some reason, there is a great impact on people’s lives and businesses proportional to the extent of their dependence on the internet.
Criminal acts committed on the internet have the same general purpose and motivation as those committed in the conventional manner i.e. the desire to take what belongs to others, to find out other people’s secrets, sexual desires etc. the only difference is that computers and computer networks are the tools used to commit the crime, the target of criminal actions may be digital resources or the internet may provide the environment in which the crime is committed. Computers speed up search and allow fast transactions. Activities done online allow a greater anonymity to users as compared to activities conducted offline. In addition, because the internet is a relatively new technology for most users, they are often uninformed and unwary about threats on the internet; a weakness which may be exploited by criminal elements. Also, because computer crimes are a relatively new phenomenon, the legal protection may not be enough to protect people from online threats (Samuelson 1999).
Threats on the Internet
There are many types of criminal activity that people need to be wary of, on the internet, some of these threats are:
Cracking
Removal of copyright, security and other restrictions in an illegal manner in order to gain unauthorized access to digital resources is known as cracking. Cracking may be employed in order to gain unauthorized access to networks, data or software (Craig & Honick 2005).
Piracy
Malevolent individuals often ‘pirate’ or illegally disseminate digital resources on the internet. Some of the types of digital resources that are commonly pirated on the internet include software programs, movies, music and data. Because pirates often offer costly digital material for little or no cost, there is an enormous temptation for internet users to download such digital resources from peer-to-peer networks or from shady websites. However these resources are often contaminated with viruses and other malevolent software. In addition the downloading of pirated software exposes businesses and other institutions to the threat of legal action from the holders of the copyrights (Easttom & Taylor 2010).
Cyberstalking/Cyberharassment
Computers are increasingly being used by online by perverted and obsessive individuals to stalk and harass others. The Web 2.0 social media culture encourages people to share their private information online. People who withdraw from participating in social media risk alienating themselves from the company of their peers and losing important social opportunities. On the other hand when people do engage with the social media culture, they run the risk of their private information falling it the hands of malevolent individuals who may then employ it to track their movements and harass them in various ways (Milhorn 2007).
The threat of cyberstalking and cyberharrassment can be lowered if users exercise discretion while sharing their personal information on the internet. Users also need to avoid antagonizing other people and keep away from internet venues where hostility toward others is encouraged.
Cyberpornography and other Objectionable Online Content
The seeming anonymity of the internet often gives people a false reassurance that they share illegal or immoral material, plan illegal or immoral actions or discuss the illegal or immoral actions they may have committed without any consequence for themselves. Businesses and other institutions which do not keep an eye on what the users of their networks are discussing or the kind of material they are disseminating run expose themselves to the risk of prosecution by law enforcement agencies. Illegal forms of pornography in the United States include pornography depicting acts of violence, rape, sex of adults with underage individuals and bestiality (Joyce 2008).
Families may also wish to protect underage children from viewing immoral material on the internet including both legal and illegal material. A lot of the content on the internet is unsuitable for minors. Content on the internet that children may need to be shielded from includes material advocating racism and ethnic strife or incorporating the use of ethnic or racial slurs, material depicting sexual acts or nudity, information about recreational drugs and drug paraphernalia, material advocating or depiction of violence (Oswell 2009).
Several software programs exist that limit the sites that minors may visit to a preselected list of approved websites. One of the most popular brands of such software is the ‘Net Nanny’ series of products by ContentWatch Inc. that allow parents and guardians to decide what sites children may surf. However just installing such censorship software may not offer a real solution to the problem of objectionable content on the internet, parents and teachers need to actively monitor how children are using the internet and guide them in the proper use of the internet (Oswell 2009).
Identity Theft on the Internet
Using the internet it becomes easier for criminals to assume the identity of another person and make use of their personal resources. Enterprising criminals may gain knowledge of people’s passwords etc. and thus gain access to their websites, email accounts or online bank accounts. According to a report released by the U.S. department of Justice, over 7.9 million U.S. households were affected by identity theft in 2007 (Langton & Baum 2010).
The key to protecting ones identity on the internet is to reveal as little information about oneself as possible. It is important for users to protect their private documents with passwords and other access controls wherever possible. Especially when transmitting information over a wireless network. Passwords and other access information should never be written down, left lying around or recorded in cell phones and other unsecure devices. Passwords should be memorized and changed periodically. Users should not allow browsers to save login information for their important online accounts and they should avoid logging into their important online accounts from libraries, internet cafes and other public computers (Bidwell, Cross & Russell 2002).
Users of online banking services and those who buy or sell things online should be especially wary about receiving bills for thing that they do not remember purchasing. Users should analyze their bank statements every month and ask for their quarterly credit ratings in order to make sure that no purchases or financial transactions have been fraudulently made in their name (Davis 2005).
Fraud on the Internet
The internet is also a great place for criminals who wish to defraud users of their wealth in various ways. The internet abounds with fake e-business opportunities, medical quackery, fake investment opportunities and fraudulent propositions for defrauding others etc. One type of scam which has become notorious on the internet involves an email purporting to come from a relative of a deceased African dictator, the email offers the mark a chance to gain a part of the dictator’s ill-gotten wealth in return for help in transferring the funds to another country. This scam is commonly associated with Nigerian scammers The real purpose of the scammers is to learn the mark’s banking details and then use it to steal money from their bank accounts, some scammers also induce the marks to visit Nigeria themselves and then hold them for ransom, a few people have been killed as a result of this scam (Bidwell, Cross & Russell 2002).
In order to prevent users from being affected by these scams system administrators need to inform them of such scams and educate them about the need to maintain skepticism in response to claims made on the internet and to always beware of conducting business or sharing private information with strangers on the internet.
Methods Commonly Employed in order to commit Crimes on the Internet
Privilege Escalation
A privilege escalation attack is said to occur when a person with certain privileges i.e. having a certain level of access in a computer network, exploits various flaws and bugs in the programming of the system to gain further privileges that they are not authorized to, for example a person having lower-level access to a network may use privilege escalation to gain administrative rights on the network (Craig & Honick 2005).
Creating and/or Distributing Malware
Some of the most common tools for committing internet crimes are various types of malicious software that allow criminals to gain access to various systems and the information or resources contained in them or merely to disrupt the functioning of the systems out of a desire to cause chaos.
Computer Viruses
A virus is a piece of programming code that spreads itself across computer systems and networks by attaching copies of itself to other files. Some viruses cause an infected system to shut down entirely, others place disturb the functioning of the computer system or use the systems in unauthorized ways, some viruses restrict users from certain computer functions, others open up the computer system to further intrusions or exploitation or cause various nuisances (Easttom & Taylor 2010).
Trojan Horses
Trojan horses are computer programs that appear to be harmless on the surface but are built with a secret ‘back doors’ which are designed to allow hackers unauthorized access to the system, by bypassing its defenses (Easttom & Taylor 2010).
In 2003, a 19 year old hacker Van Dinh belonging to Phoenixville, Pennsylvania was convicted of employing a trojan to gain access to an online broker’s e-brokerage account which he then used to get rid of $37,000 worth of his own poor investments (Davis 2005).
Worms
Worms are self-replicating programs that propagate themselves across networks through replication, but do not need to attach themselves to files. Worms may serve as vectors for other types of malware, even when they don’t spread other computer diseases, worms clog up networks by consuming bandwidth (Easttom & Taylor 2010).
Logic Bombs
Sometimes programmer insert a code into software that causes it to lie dormant for a certain period after installation or until certain conditions are met, at which point the code causes the program to perform a pre-programmed function. Logic bombs have legitimate and ill-legitimate uses. Some programmers use logic bombs to disable the use of their commercial software once the trial period is over (Wilding 2006).
Malevolent individuals may employ logic bombs for their own nefarious purposes. In 2009 a UNIX Engineer, Rajendrasinh Makwana was arrested by the FBI for allegedly planting a logic bomb at Fannie Mae’s datacenter where he was a contracted worker. According to the FBI, after Makwana’s contract was terminated, he wrote a logic bomb would have erased all records at the data center on January 31 2009 (Prasad 2009).
Rootkits
A rootkit is a program provides users unauthorized access to the administrative sections of a targeted computer system (Brumley, 1999). Rootkits may be spread and installed in a system in many different ways. The rootkit may be installed by a person having lower level access to the system or it may enter the system in the form of the payload of a worm (Wilding 2006).
Key Loggers
Key loggers are hidden programs that record all key stokes made on a computer in the order in which they were made. Key loggers may be legally installed on a work computer by employers in order to make sure that they are performing their jobs or they may be installed illegally by someone wishing to learn the passwords of other people in order to gain access to their mail or bank accounts. It is possible to install keyloggers manually or they may be installed by another malicious program (Wilding 2006).
Phishing
Phishing is the name given to attempts by criminal elements to gain the personal information of people through fraudulent websites and emails etc. A common phishing attack involves phishers sending a target an email which porports to be from their bank. The email contains a login form, requiring them to login to their bank account, however once the user enters this information int the form, it is forwarded to the phisher (Davis 2005).
Social Engineering
Social engineering is when hackers attempt to gain access to a person’s private information through manipulative communications with other humans. For example, a ‘social engineer’ who wishes to gain access to an organization’s private network may call their customer service and pretend to be one of their employees; telling them that he has forgotten his password and needs to log into the network immediately. In many cases, due to people’s gullibility and lack of education about such attacks, ‘social engineers’ manage to convince others that they are legitimate users and thus gain access to private information and resources (Prasad 2009).
Session Hijacking
Sessions hijacking is a very technical method of gaining access to a computer that requires a lot of skill. Sessions hijacking involves a third party intercepting and taking over a legitimate connection that is occurring between two computers and altering this communication for their own purposes (Easttom & Taylor 2010).
Password Cracking
The cracking of passwords refers to the act of logging into to another person’s account by guessing or otherwise acquiring their password. Many people have their date of birth, home address or telephone number as their passwords, this makes it easier for people having some knowledge of their lives to crack their passwords. An alternative to guessing the password is the use of ‘brute force’ programs. These programs attempt to log into an account using all possible word and number combinations or all words in a dictionary (Milhorn 2007).
Most online services have measures in place to make password cracking difficult. General measures a service may take to reduce incidences of password cracking are: 1) Requiring users to select strong passwords that are hard to guess letter and number combinations and do not consist of single words found in the dictionary. 2) Limiting the number of times a user may retry after a failed login. 3) Making use of CATCHPA services to verify human users before retries.
Denial of Service
Denial-of-Service attacks are a type of internet attacks which exploit the limited capability of internet servers to block the legitimate use of services by flooding them with bogus requests. Distributed Denial of Service attacks occur when hackers make use of a network of multiple hijacked computers in various locations around the world to flood the target system. These networks of hijacked computers are known as ‘Botnets’. The owners of botnets often hire them out to criminal elements. Russian criminal gangs often extort money from online casino website by threatening to stop their operations with DDOS attacks (Easttom & Taylor 2010).
If strong security features are not put in place, users run the risk of their computer becoming a part of an illegal ‘Botnet’. Botnet communication makes use of a computer’s processing power and makes heavy demands on its internet bandwidth leading to a slower computer and an extremely slow internet connection.
Protecting Oneself from Malware
It is not possible for a computer user to completely eliminate the threat of being infected with computer viruses and other malware unless they give up using the internet, stop sharing disks, CDs and other removable media and not install any new programs on their computers. However it is possible for them to greatly reduce the risk of infecting their computers by taking the following simple steps:
Not Opening E-Mail Attachments from Unknown People or with Strange Messages from Known People
Many people unwittingly infect their computers with viruses by opening email attachments from people that they do not know. Sometimes the viruses come attached to messages from people in the user’s buddy list with the email itself saying things like “Click here to look at my pictures”. Users should learn to recognize such common deceptions employed by hackers. It is best to verify from the alleged sender through non-email communication methods whether they did in fact send the messages and the attachments (Milhorn 2007).
Not Executing any Executable Programs in the Attachments
It is best to refrain from running any executable files in the attachments regardless of whether they are from known or unknown contacts unless it can be verified that the executable files are legitimate programs and not malware. Extension for executable program files include.bat,.exe,.com,.pif,.lnk,.cmd and.shs. Other executable files include script files for example Javascript files (.js) and Visual Basic script files (.vbs). Users need to be wary of ever running these programs (Milhorn 2007).
Not Downloading Cracked Software on Websites, the Usenet or P2P Networks Etc.
It is not only illegal to download and use cracked software, it may also be dangerous. The pirates may have hidden malware into the cracked software. Someone who defrauds a software company by cracking their software is unlikely to have any scruples in defrauding users of that cracked software of their money (Milhorn 2007).
Blocking Scripts by Default in Internet Browsers
Many malware programs propagate through scripts placed on websites that execute within the web-browser. A lot of the functionality of the internet comes through the use of scripts; therefore it is impractical to disable the use of scripts entirely. However scripts from all websites should be blocked by default and then scripts from trusted websites should be allowed on case by case basis. The NoScript add-on for the Firefox browser is one extension which affords users this ability (Milhorn 2007).
Disabling Autorun for CDs, Flash Drives and other Removable Media
The Microsoft Windows operating system by default allow the use of autorun and autoplay for CDs and other removable media. This usually works through an autorun file titled ‘Autorun.inf’ which is placed in the root directory of the removable media drive. By default, Windows is programmed to execute the commands listed in the autorun.inf file as soon as it installs or detects the removable media drive. Many malware programs propagate themselves through infected autorun.inf files. In order to protect the computer from this threat it is best to disable the autorun function entirely (Milhorn 2007).
Installing Anti-Virus Software and Security Patches etc.
There are many antivirus programs available that can protect people from known online malware. Many people believe that once they have installed an antivirus program and keep it up to date they need not worry about internet security, this is however not the case. Antivirus programs only protect against known threats. There may be a long period of time between the rise of an online malware threat and the updating of an antivirus software to meet that threat (Wilding 2006).
Wireless Security
In most organizations of today, wireless networking takes place. Wireless links follow mostly one of two systems; Wireless LAN or 802.11 standard connections. In a wired network eavesdropping is not much of an issue; however in wireless networks, since the transmission of the signal airwaves between two computers that are connected with wireless networking, takes place over the air, enforcing strict security is very difficult (Miller 2001).
Unsecured wireless networks allow anyone to join in, making it easy for malevolent individuals to eavesdrop upon communications. Secure wireless connections in use today, mostly follow one of two security standards; the Wired Equivalent Privacy (WEP) standard and the Wi-Fi Protected Access (WPA) standard (Miller 2001).
WEP has major security problems. It was revealed that experienced and skilled hackers could intercept and crack its packets in minutes. The Wi-Fi Alliance has declared WEP obsolete however it continues to be in use today in many business organizations (Miller 2001).
Wi-Fi Protected Access (WPA) has replaced WEP as the standard of choice for network security professionals. WPA is a great improvement upon the weak data encryption standards of the WEP; it also has an enhanced user authentication standard. These improvements were implemented in allow the encryption keys in a network to be changed at a much faster which lowers the chance that hackers will be able to intercept and decrypt them (Miller 2001).
WPA networks protect each device by a 256 bit key which can be entered either as a 64 digits hexadecimal string or as a passphrase of 8 to 63 ASCII characters. However networks implementing the WPA standard are also vulnerable when operated in pre-shared mode where the encryption key that is used to secure the network is already shared between the entities over a non-secure connection (Karl & Willig, 2007).
Conclusion
Computers and the internet have become important tools for criminal elements. The online world poses many risks to people’s property and personal wellbeing. To prevent themselves from falling victim to cyber crimes, people should exercise caution and discretion when sharing information on the internet. People should install antivirus software, firewalls and other programs for protection on their computers. They should be skeptical about claims made about products, services and investment opportunities on the internet. They should limit their online business deals to trusted entities and reliable online business venues. They should make periodic checks of their financial statements and credit reports and look for transactions made on their behalf that they do not remember making.
References
Bidwell, T., Cross, M. & Russell, R. (2002). Hack Proofing Your Identity in the Information Age, Syngress, Rockland, MA.
Craig, P. & Honick, R. (2005). Software piracy exposed, Syngress, New York, NY.
Davis, K. (2005) ‘Can You Smell the Phish?’, Kiplinger’s Personal Finance, February 2005, pp. 76-80.
Easttom, C. & Taylor, J. (2010). Computer Crime, Investigation, and the Law, Cengage Learning, Boston, MA.
Joyce, R. A. (2008). ‘Pornography and the Internet’, IEEE Internet Computing, vol 12, no. 04, pp. 74-77.
Langton, L. & Baum, K. (2010). ‘Identity Theft Reported by Households, 2007—Statistical Tables’, Statistical Report, Bureau of Justice Statistics, U. S. Department of Justice, NCJ 230742, Office of Justice Programs, Washington D. C.
Milhorn, H. T. (2007). Cybercrime: How to Avoid Becoming a Victim, Universal-Publishers, Boca Raton, FL.
Miller, S. K. (2001). ‘Facing the challenge of wireless security’, Computer , vol 34, no. 7, pp. 16-18.
Oswell, D. (2009). ‘The Dark Side of Cyberspace’, European Journal of Social Theory, vol 12, no. 1, pp. 135-154.
Prasad, R. (2009). ‘Insider Threat to Organizations in the Digital Era and Combat Strategies’, Indo-US Conference and Workshop on Cyber Security, Cyber Crime and Cyber Forensics, Indo-US Science and Technology Forum (IUSSTF), Kochi, India.
Samuelson, P. (1999). ‘Privacy as intellectual property?’, Stanford Law Review, pp. 1125-1173.
Wilding, E. (2006). Information risk and security: preventing and investigating workplace computer crime, Gower Publishing, Aldershot, U. K.