Miss Maryam Khan
11 January 10, 2016
University of Sargodha
(Lahore Campus)
Introduction
What is Cybercrime?
A crime committed or facilitated via the Internet is a cybercrime. Cybercrime is any criminal
activity involving computers and networks. It can range from fraud to unsolicited emails (spam).
It can include the distant theft of government or corporate secrets through criminal trespass into
remote systems around the globe. Cybercrime incorporates anything from downloading illegal
music files to stealing millions of rupees from online bank accounts. Cybercrime also includes
non-monetary offenses, such as creating viruses on other computers or posting confidential
business information on the Internet.
Commission of cybercrime can be:
• The computer as a target: attacking other computers (e.g. spreading viruses).
• The computer as a weapon: used to commit fraud or illegal gambling.
• The computer as an accessory: used to store illegal or stolen information.
CYBER CRIME: THE FACTS
• Cybercrime has now surpassed illegal drug trafficking as a criminal moneymaker.
• Somebody’s identity is stolen every 3 seconds as a result of cybercrime.
• Without a sophisticated security package, your unprotected PC can become infected within
four minutes of connecting to the Internet.
MAJOR ONLINE ACTIVITIES
• Social networking
• Internet surfing
• Audio & video communication
• Entertainment
• Online shopping
• Map directions / GPS
• Online education
• Online auction
• Information sharing
• Medical assistance
• Online games
CYBER CRIME CATEGORIES
• Hacking
• Identity theft
• Cyber Bullying
• Cyber Stalking
• Financial fraud
• Digital Piracy
• Computer viruses and worms
• Malicious Software
• Intellectual property rights
• Money Laundering
• Denial of Service attack
• Electronic Terrorism
• Vandalism and Extortion
HACKING
Hacking is trying to get into computer systems in order to steal, corrupt, or illegitimately view
data. The word comes from the term “hacker”, meaning an expert in computer programming languages
and systems. Hacking, in this sense, means using unusually complex and clever methods to make
computers do things. For some time, however, the popular press has used the words “hacker” and
“hacking” in a negative way to refer to individuals who try to get into computer systems in order
to steal, corrupt, or illegitimately view data. Hackers themselves maintain that the proper term for
such individuals is “cracker”, and that their activities should be called cracking. However, in order
to be consistent with the most common usage of the word, we use “hacking” here to refer to
unauthorized access.
WEBSITE DEFACEMENT
Website defacement is an attack on a website that changes the visual appearance of the site
or a webpage. This is typically the work of system crackers, who break into a web server and
replace the hosted website with one of their own. The most common method of defacement is using
SQL injection to log on to administrator accounts. Defacements usually consist of an entire page.
This page usually includes the defacer’s pseudonym or “hacking codename”. Sometimes the
defacer makes fun of the system administrator for failing to maintain server security.
Most of the time the defacement is harmless; sometimes, however, it is used as a distraction to
cover up more sinister actions such as uploading malware or deleting essential files from the
server.
CYBER BULLYING
Cyber stalking (also called cyber harassment) is when someone uses the Internet to threaten
or make unwanted advances towards someone else. This sort of harassment can cause physical,
emotional, and psychological damage to the victim. Children are particularly vulnerable because
of their trusting nature and because they give away their personal information. This information
is later used against them for stalking purposes.
CYBER STALKING
Cyber stalking (also called cyber harassment) is when someone uses the Internet to threaten or make
unwanted advances towards someone else. This sort of harassment can cause physical, emotional,
and psychological damage to the victim. Children are particularly vulnerable because of their
trusting nature.
CHILD PORNOGRAPHY
The internet evolution has made children a viable victim to the cybercrime. As more homes
have access to internet, children use the internet and chances have increased where they can fall
victim to the aggression of pedophiles. The easy access to pornographic contents available over
the internet lowers the inhibition of the children. Pedophiles lure the children by distributing
pornographic material, and try to meet them for sexual activities which also include collection of
their explicit photographs and videos. Mostly pedophiles try to contact children in chat rooms
posing as teenagers, and start to befriend them to win their confidence.
Each year, countless children around the world fall prey to sexual predators. These young
victims are left with permanent psychological, physical, and emotional scars. When a recording of
that sexual abuse is made or released onto the Internet, it lives on forever. It haunts the children
depicted in it, who live daily with the knowledge that countless strangers use an image of their
worst experiences for their own gratification.
SOCIAL ENGINEERING
Social engineering is a technique used by cyber criminals to get access to confidential
information. With social engineering, attackers use manipulation and deceit to trick victims into
giving out confidential information.
Some of the social engineering methods used by attackers:
• Sending messages that contain dangerous attachments (e.g. malware) with text that
encourages people to open the attachments.
• Pretending to be the main administrator of a local network and asking for the victim’s
password in order to perform a maintenance check.
• Telling a victim over the phone that he/she has won a prize and asking in return for a credit
card number to deliver it.
• Asking for a user’s password for a certain Internet service, such as a blog, and later using the
same password to access the user’s computer. This technique works because users often use
the same passwords for many different portals.
DATA THEFT
Data theft is the act of stealing computer based information from an unknowing victim
with the intent of compromising privacy or obtaining confidential information. Data theft is
increasingly a problem for individual computer users, as well as big corporate firms. The
following categories are most common in data theft cases.
sure that your data is safe from prying eyes when you sell or buy things on the Web. Carelessness
can lead to leaking your private account information.
• Password cracking: Intruders can access your machine and get valuable data if it is not
password protected or its password can be easily decoded (weak password).
• Eavesdropping: Data sent on insecure lines can be wiretapped and recorded. If no
encryption mechanism is used, there is a good chance of losing your password and other
private information to the eavesdropper.
• Laptop theft: Incidents of laptop theft from corporate firms increasingly occur, with the
valuable information stored on the laptop being sold to competitors. Carelessness and lack
of laptop data encryption can lead to major losses for the firm.
IDENTITY THEFT
Identity theft refers to a crime where an individual maliciously obtains and uses another
individual’s personal/sensitive information to commit frauds/scams by using the stolen identity.
Mostly this crime is committed for economic gain. The cybercriminal gains access to an
individual’s information by stealing email details or stored information on computer databases, or
by eavesdropping over networks to get hold of transactions. Identity theft includes, but is not
limited to, shoulder surfing, dumpster diving, spamming, spoofing, phishing, and skimming.
FINANCIAL FRAUD
Financial fraud is criminal behavior in which a person uses dishonest methods to trick a
victim out of his money. Internet fraud schemes are a common example of financial fraud;
they include emulated online sales, retail schemes, business opportunity schemes, identity theft,
market manipulation schemes, and credit card schemes.
COMPUTER VIRUSES AND WORMS
A virus is a malicious program that passes from one computer to another in the same way
as a biological virus passes from one person to another. Most viruses are written with a malicious
intent, so that they may cause damage to programs and data in addition to spreading themselves.
Viruses infect existing programs to alter their behavior, actively destroy data, and
perform actions on storage devices that render their stored data inaccessible.
A worm is a software program that uses computer networks and security holes to replicate
itself from one computer to another. It usually performs malicious actions, such as using the
resources of computers as well as shutting down the computers.
INTELLECTUAL PROPERTY RIGHTS
Intellectual property rights are concerned with any act that allows access to patents, trade
secrets, customer data, sales trends, and any confidential information.
DENIAL OF SERVICE ATTACK
A Denial of Service (DoS) attack is mounted with the objective of causing a negative
impact on the performance of a computer or network. It is also known as a network saturation
attack or bandwidth consumption attack. Attackers perform DoS attacks by sending a large
number of protocol packets to the network.
Recommendations
SECURE YOUR SMART PHONES
• Always secure your smartphone with a strong password.
• Ensure that your device locks itself automatically.
• Install security software.
• Only download apps from approved sources.
• Check your apps’ permissions.
• Don’t miss operating system updates.
• Be wary of any links you receive via email or text message.
• Turn off automatic Wi-Fi connection.
• When browsing or shopping on your phone (or computer), always look for "https"
in the URL instead of "http".
SECURE YOUR ONLINE BANKING
• Never use the same PIN code for multiple bank accounts.
• Never use unprotected PCs at cybercafés for internet banking.
• Never keep your PIN code and cards together.
• Never leave the PC unattended when using internet banking in a public place.
• Register for mobile SMS and email transaction alerts.
• Never reply to emails asking for your password or PIN code.
• Visit your bank’s website by typing the URL in the address bar.
• Log off and close your browser when you are done using internet banking.
• When using an ATM, always conceal the keypad before entering your PIN code.
• Before using an ATM, make sure that there is no extra device installed in the surroundings.
SECURE YOUR FACEBOOK
• Use extra security features to access account (security code, Login alert etc.).
• Use login notification alert.
• Allow specific individuals to view your contents (Videos, Photos and Friends etc.).
• Control who can contact you.
• Block your profile from search engines.
SECURE YOUR WIFI
• Change the default administrator passwords and usernames of the Wi-Fi router.
• Use a complex password and change it at regular intervals.
• Position the router or access point safely.
• Turn off the network / Wi-Fi router when it is not in use.
SECURE YOUR BROWSING
• What you put online will always remain there.
• Never trust any free online content.
• Don’t provide personal information online to get something free.
• Don’t click on links inside emails or messages.
Role of Pakistan in the Cyber World
The Pakistani market has now grown manifold, with the largest share of internet users
in Karachi, followed by Lahore and Islamabad. These three cities jointly provide over 90% of the
customer base, and expansion in activity is also likely to remain primarily confined to them
because of their concentration of economic activity.
It is no surprise that Pakistan is not free from the cyber space dilemma. The availability of
computers and Internet connections provides unprecedented opportunities to communicate and
learn in Pakistan. However, certain individuals do exploit the power of the Internet for criminal
purposes as well.
Pakistan has a legal framework in place to address cybercrimes. The Electronic
Transaction Ordinance 2002 was passed by the Government of Pakistan with the objective to recognize
and facilitate documents, records, information, communications and transactions in electronic
form, and to provide for the accreditation of certification service providers. With this legal
framework, electronic information and communication have the same legal backing as any
written and signed document. With the ETO in place, Pakistan has joined an exclusive band of
countries that provide the necessary framework and an impetus for the growth of electronic
commerce.
The Electronic Transaction Ordinance is an essential prerequisite for e-commerce growth
and has been termed "a landmark decision for the IT development of the country".
The Ordinance aimed to achieve:
• Great economic impact.
• E-commerce and projecting Pakistan’s products such as textile, leather goods,
sports goods and surgical items to the world.
• Increased e-transactions.
• Major benefits for small and medium business enterprises, as the cost of
transactions is greatly reduced electronically.
• Legal and safe trading, as the interests of both buyers and sellers in the process of
electronic sales and purchases are protected through the promulgation of the
Electronic Transaction Ordinance 2002.
The Federal Government, by notification in the official Gazette, makes rules to carry out
the purposes of the Ordinance.
The ordinance has laid down clauses for the following offenses related to electronic
transactions:
• Provision of false information
• Issue of false certificate
• Damage to information system
Furthermore, the Electronic Crime Act 2004 was prepared by the Ministry of Information
Technology, Pakistan with the Electronic Transaction Ordinance 2002 as the basis.
The Act addresses and lays down legislative terms for the following cybercrimes:
• Criminal access
• Criminal data access
• Data damage
• System damage
• Electronic fraud
• Electronic forgery
• Misuse of devices
• Misuse of encryption
• Malicious code
• Cyber stalking
• Spamming
• Spoofing
• Unauthorized interception
• Cyber Terrorism
• Waging cyber war
• Enhanced punishment for offences involving sensitive electronic systems
• Attempt and aiding or abetting
Other initiatives taken by GoP include the formation of a National Response Center to stop
internet misuse and trace those involved in cybercrimes. The Accreditation Council, in line with
the National IT Policy and the Electronic Transactions Ordinance 2002, was also formed for
Certificate Authorities by the Ministry of Information Technology. This voluntary licensing
program aims at promoting high integrity licensed CAs that can be trusted. A CA wishing to get
licensed will have to meet stringent licensing criteria in various aspects, including financial
soundness, personnel integrity, strict security controls and procedures.
Conclusion
It is not possible to eliminate cybercrime from cyberspace in its entirety. However, it is quite
possible to check it. Any legislation, even in its entirety, might not succeed in totally eliminating
crime from the globe. The primary step is to make people aware of their rights and duties (to
report crime as a collective duty towards society) and further to make the application of the
laws more stringent to check crime.
Developing nations must learn from the experiences of developed nations and leap
forward to prepare against the inevitable cybercrime. In order to strengthen the overall
infrastructure, each country must make efforts at an international level to cooperate and
coordinate with the others so as to come to harmonized terms on matters regarding security. In
this regard, international instruments such as the Council of Europe’s Convention on Cyber
Crime 2001 could prove extremely valuable in fighting cybercrime at an international level.
However, in any draft legislation it is important that the provisions of the cyber law are not
made so stringent that they retard the growth of the industry and prove to be counterproductive.