Nature and Scope of Cyber crime
Cyber security has always been an important aspect of computing systems but its importance has increased greatly in recent years.
The curriculum covers areas where cyber security is of major importance, but has different security requirements and may be exposed to different threats and attacks. It also covers techniques and mechanisms used to secure computer systems and data to meet those requirements and protect them.
The areas looked at include computer operating systems (and increasingly, distributed operating systems), distributed applications (such as electronic commerce over the Internet), embedded systems (ranging from smart cards to large industrial plant and telecommunications systems), and users.
The techniques and mechanisms looked at include cryptography, authentication & authorization, and access control.
Furthermore, the curriculum integrates the legal, ethical, and professional perspectives, for instance, to address concerns about data security, privacy, and societal impact of computing systems.
By the end of this article, you will able to explain the concept of cybercrime, discuss who a hacker is and demonstrate cybercrime motivation.
Nature and Scope of Cyber crime
Cybercrime is Transnational in nature. These crimes are committed without being physically present at the crime location. These crimes are committed in the impalpable world of computer networks.
To commit such crimes the only thing a person needs is a computer which is connected with the internet. With the advent of lightning fast internet, the time needed for committing the cybercrime is decreasing. The cyberspace, being a boundaryless world has become a playground of the perpetrators where they commit crimes and remain conspicuously absent from the site of crime. It is an Open challenge to the law which derives its lifeblood from physical proofs and evidence.
The cybercrime has spread to such proportion that a formal categorization of this crime is no more possible. Every single day gives birth to a new kind of cybercrime making every single effort to stop it almost a futile exercise. Identification possesses major challenge for cybercrime.
One thing which is common it comes to identification part in cybercrime is Anonymous identity. It is quite an easy task to create false identity and commit crime over internet using that identity.
Cybercrime being technology driven evolves continuously and ingeniously making it difficult for cyber investigators in finding solution related to cyber law crimes. Crimes committed over internet are very different in nature when compared to the physical world.
In crimes relating to cyber space there is nothing sort of physical footprints, tangible traces or objects to track cyber criminals down. Cybercrimes possess huge amount complications when it comes to investigation.
Scope of Cyber Crimes
Cyber Crime is when an individual intentionally uses information technology to produce destructive and harmful effects on the tangible and/or intangible property of others. It has no national boundaries and is usually a term for criminal activities involving a computer or a network as a tool or a target.
Cybercrime can be basically categorized into three parts:
1. Cyber Crimes against persons
2. Cyber Crimes against property
3. Cyber Crimes against government.
1. Cybercrimes against persons
Cybercrimes committed against persons include various crimes like transmission of child pornography, harassment of any one with the use of a computer such as e-mail. The trafficking, distribution, posting, and dissemination of obscene material including pornography and indecent exposure, constitutes one of the most important Cybercrimes known today. The potential harm of such a crime to humanity can hardly be amplified.
2. Cybercrimes against property
The second category of Cyber-crimes is that of Cybercrimes against all forms of property. These crimes include computer vandalism (destruction of others’ property), transmission of harmful programmes.
3. Cybercrimes against government
The third category of Cyber-crimes relate to Cyber Crimes against Government. Cyber terrorism is one distinct kind of crime in this category.
The growth of internet has shown that the medium of Cyberspace is being used by individuals and groups to threaten the international governments as also to terrorize the citizens of a country.
This crime manifests itself into terrorism when an individual “cracks” into a government or military maintained website.
• Malware Where victims are hit with a worm or virus that renders their devices useless
• Man in the Middle Where a hacker puts himself between a victim’s machine and a router to sniff data packets
• Phishing Where a hacker sends a seemingly legitimate-looking email asking users to disclose personal information other types of cyber-attacks include cross-site scripting attacks, password attacks, eavesdropping attacks (which can also be physical), SQL-injection attacks, and birthday.
Cyber Criminals Motivation
The main motive behind the cybercrime is to disrupt regular business activity and critical infrastructure.
Cybercriminals also commonly manipulate stolen data to benefit financially, cause financial loss, damage a reputation, achieve military objectives, and propagate religious or political beliefs.
Some do not even need a motive and might hack for fun or simply to showcase their skills. So who are these cybercriminals? Here is a breakdown of the most common types:
1. Black-Hat Hackers
A black hat hacker is typically one that engages in cybercrime operations and uses hacking for financial gain, cyber espionage purposes or other malicious motives, like implanting malware into computer systems. Gray-Hat Hackers.
2. White-Hat Hackers
A white hat hacker, also called an ethical hacker, is the antithesis of a black hat hacker. White hat hackers are not cybercriminals, rather they are security specialists hired by organizations to conduct tasks such as penetration tests and vulnerability assessments on their systems to improve their security defenses. When working as pen testers, white hat hackers conduct tests and attacks on networks, websites and software in order to identify possible vulnerabilities.
They also follow established rules, such as bug bounty policies. They will notify the affected organizations directly of any issues so that a patch can be released or other steps taken to fix the flaw.
3. Suicide Hackers
Suicide hackers are individuals who aim to bring down critical infrastructure for a “cause” and are not worried about facing jail terms or any other kind of punishment. They are similar to suicide bombers, who sacrifice their life for an attack and are thus not concerned with the consequences of their actions.
4. Script Kiddies
A derogatory term often used by amateur hackers who do not care much about the coding skills. These hackers usually download tools or use available hacking codes written by other developers and hackers. Their primary purpose is usually to impress their friends or gain attention.
However, they do not care about learning. By using off-the-shelf codes and tools, these hackers may launch some attacks without bothering for the quality of the attack. Commonest cyber-attacks by script kiddies might include DoS and DDoS attacks.
5. Gray Hats Hackers
Gray hat hacker’s fall somewhere in between white hat and black hat hackers. While they will not use their skills for personal gain, they can, however, have both good and bad intentions. As an example, a hacker who hacks into a corporation and finds some vulnerability may leak it over the web or inform the organization about it. It all depends upon the hacker. Nevertheless, as soon as hackers use their hacking skills for personal gain they become black hat hackers. There’s a fine line between these two.
6. Blue Hats Hackers
These are another form of novice hackers very similar to script kiddies whose main agenda is to require revenge on anyone who makes them angry. They need no desire for learning and should use simple cyber-attacks like flooding your IP with overloaded packets which can result in DoS attacks.
A script kiddie with a vengeful agenda is often considered a blue hat hacker.
7. Malicious Insider or Whistle blower
A malicious insider or a whistle blower could also be an employee with a grudge or a strategic employee compromised or hired by rivals to garner trade secrets of their opponents to remain on top of their game. These hackers may take privilege from their quick access to information and their role within the corporate to hack the system.
8. State/Nation Sponsored
Hackers State or Nation sponsored hackers are those that have been employed by their state or nation’s government to snoop in and penetrate through full security to realize tip from other governments to stay at the highest online. They have an endless budget and extremely advanced tools at their disposal to target individuals, companies or rival nations.
9. Hacktivist Hackers
Hacktivist is when hackers break into government or corporate computer systems as an act of protest. Hacktivists use hacking to increase awareness of their social or political agendas, as well as themselves, in both the online and offline arenas. They are individuals who promote a political agenda by hacking, especially by defacing or disabling websites.
Common hacktivist targets include government agencies, multinational corporations, or any other entity that they perceive as a threat. It remains a fact, however, that gaining unauthorized access is a crime, irrespective of their intentions.
Conclusion on Scope of Cyber Crimes
While click fraud appears to be a problem with a scope limited to just advertisers and ad networks, fraudsters’ use of infected computers to click ad links makes click fraud a problem for everyone with a computer. Being part of a click fraud botnet consumes a system’s bandwidth and displays additional advertisements to the user, which is usually undesirable.
Systems connected to the Internet are at risk of infection from exposure to social-engineering attacks or vulnerability exploitation. Regardless of the infection vector, compromised machines can wait for commands from the attacker, which turns the system into a bot.