1. Cyber Crime in Modern Society
A brief introduction for people who are new
in the field
Daniel Agudo García
British Council
Barcelona, 11th of February 2016
1
3. What is cybercrime about?
• Cybercrime, is any illegal act that involves the use of a
computer system and a network (especially the
Internet).
• The computer system may have been used in the
commission of a crime as the threat agent, or it may be
the target that suffered the attack.
• Threats can come from anywhere, but generally fall
under three main categories:
– Human deliberate or accidental (staff, maintenance
employees, cleaning services, etc.)
– Non-Human (malware, phising, spam, etc.)
– Natural events (flood, fire, power outage/blackout)
3
5. Cybercrime facts
• Cybercrime has now exceeded illegal drug trafficking
as a criminal moneymaker.
• Somebody’s identity is stolen every 3 seconds as a
result of cybercrime.
• Without a sophisticated security package and a good
basis of cybersecurity, your unprotected personal
computer can become infected within four minutes
of connecting to the Internet.
5
7. Who are behind cybercrimes?
• Kids (age group 9-16 etc.)
• Organized hacktivists (Anonymous, ISIS, etc.)
• Disgruntled employees (insiders)
• Professional hackers (corporate espionage)
7
8. Main cyber security threats
1. PHISHING (using social engineering techniques)
2. SPAM (well known for Internet users)
3. VIRUS (Ransomware is the most dangerous nowadays)
4. BOTNET (connected computers to execute repetitive tasks,
normally commiting a cybercrime)
5. DISTRIBUTED DENIAL-OF-SERVICE (The use of lots of
computers to turn down a system connected to a network)
6. TROJAN HORSE (malicious code which misrepresents itself to
appear interesting in order to persuade a victim to install it)
7. SPYWARE (malicious code to spy someone’s computer)
8. MANY MORE…
8
9. Main targets
Cyber crimes are nowadays affecting the
following three main groups:
1. Cyber crimes against individuals (Identity
Theft, child grooming, etc.).
2. Cyber crimes against property/assets
(copyright violations, P2P, malware
(blackenergy), etc.).
3. Cyber crimes against government
(hacktivism, cyber espionage, etc.).
9
10. FYI!
Hackers = cyber criminals?
The term, “hacker,” is usually used in relation to cyber criminals,
but a hacker can actually be anyone, regardless of their
intentions, who utilizes their knowledge of computer software
and hardware to break down and bypass security measures on
a computer, device or network. Hacking itself is not an illegal
activity unless the hacker is compromising a system without the
owner’s permission. Many companies and government agencies
actually employ hackers to help them secure their systems.
11
11. Types of hackers
Hackers are generally categorized by
type of metaphorical “hat” they don:
“white hat”, “grey hat”, and “black hat”.
There are two main factors that
determine the type of hacker:
1) their motivations
2) whether or not they are breaking
the law
12
12. Black Hat hackers
• Like all hackers, black hat hackers usually have extensive
knowledge about breaking into computer networks and
bypassing security protocols. These kind of hackers can range
from amateurs to experienced hackers who’s primary
motivation is usually aimed to steal data, specifically
financial/personal/governmental information for personal or
financial gain.
• In an increasing number nowadays, some of them can also be
involved in cyber espionage or protest against a cause
(hacktivism).
13
13. White hat Hackers
• White hat hackers choose to use their knowledge for good
rather than evil. Also known as “ethical hackers,” white hat
hackers can sometimes be paid employees or contractors
working for companies as security specialists that attempt to
find security holes via hacking, to help the organizations to
secure their systems and protect their information.
• As a matter of fact, white hat hackers employ the same
methods of hacking as black hats, with one exception- they
do it with permission from the owner of the system first,
which makes the process completely legal.
14
14. Grey Hat Hackers
• Grey hat hackers are a blend of both black and white hat activities.
Often, grey hat hackers will look for vulnerabilities in a system
without the owner’s permission or knowledge. If issues are found,
they will report them to the owner, sometimes requesting a small
fee to fix the issue. If the owner does not respond or comply, then
sometimes the hackers will post the newly found exploit online for
the world to see.
• These types of hackers are not inherently malicious with their
intentions. In fact, they generally will not exploit the found
vulnerabilities. However, this type of hacking is still considered
illegal because the hacker did not receive permission from the
owner prior to attempting to attack the system.
15
15. How to tackle Cyber crime?
The following is a non exhaustive list of cyber crime
prevention tips:
1. Always use strong passwords.
2. Secure all your devices connected to the Internet
(laptop, tablet, smartphones, etc.).
3. Secure your social media pages and profiles.
4. Always keep your system updated, specially the
web browser.
5. Protect your e-identity (be cautious when giving
out personal information).
16
16. How to tackle Cyber crime?
1. Protect your data using encryption (specially
when storing it on cloud platforms).
2. Secure your personal wireless network (avoid
connecting to unknown wi-fi networks).
3. Never reply to emails that ask you to verify your
information or confirm your user ID or password.
4. Avoid being scammed (always think before you
click on a link or file of unknown origin).
5. Call the right person for help in case of suffering
a cyber crime (don’t panic!).
17
17. Main references
• Symantec (http://community.norton.com/)
• Symantec (http://us.norton.com/)
• McAfee (http://www.mcafee.com/us/resources/reports/rp-threats-predictions-
2016.pdf)
• FireEye (https://www.fireeye.com/current-threats/stopping-todays-cyber-
attacks.html)
• FireEye (“Understanding Cyber attackers and their motives” report)
• OWASP (https://www.owasp.org/index.php/Category:Threat_Agent)
• Wikipedia (https://en.wikipedia.org/wiki/Cybercrime)
• Secure Knowledge Management Inc.
(http://www.slideshare.net/markb677/threat-profiling-for-cyber-security-and-
information-security-programs)
• Digitaltrends (http://www.digitaltrends.com/computing/symantec-cybercrime-
costs-114-billion-a-year/)
• Cross Domain Solutions (http://www.crossdomainsolutions.com/cyber-crime/)
18
A Vulnerability is a weakness in a computing system (lack of safeguard) which allows an attacker/threat agent to execute an attack to cause a negative impact on the system.
Hacktivism: “
Hacktivism is the act ofbreaking into a computer system or disrupting services for a politically or socially motivated purpose.
.”
http://www.symantec-norton.com/11-most-common-computer-security-threats_k13.aspx
https://es.wikipedia.org/wiki/Ransomware
Phising: the attempt to acquire sensitive information such as usernames, passwords, and credit card details.
Botnet: is a number of Internet-connected computers communicating with other similar machines in an effort to complete repetitive tasks and objectives.
Obama: U.S. and China Reach Cyber-Espionage 'Common Understanding'
http://www.nbcnews.com/tech/security/obama-u-s-china-reach-cyber-spying-understanding-n433751
A Vulnerability is a weakness in a computing system (lack of safeguard) which allows an attacker/threat agent to execute an attack to cause a negative impact on the system.