Cyber Crime & Criminals PDF

Summary

This document provides a general overview of cybercrime. It discusses different types of cybercrimes, including property theft, identity theft, hacking, and theft. It also explains concepts like phishing attacks, malware, ransomware, and how to protect yourself online.

Full Transcript

 GE EL 103

CYBERCRIME
AND CRIMINALS

MR. JASTIN JAY R. CACHOLA
General Education Department
College of Arts & Sciences
Bukidnon State University
 WHAT IS
CYBERCRIME?
 CYBERCRIME
Cybercrime refers to any crime that happens
inside or sometimes, outside cyberspace that
involves a computer/mobile and a network.
The computer may have been used in the
commission of a crime, or it may be the
target; cyberspace being the combining term
which relates to the whole aspects of
information technology and the internet.
 HISTORY OF
CYBERCRIME
 1971 – JOHN DRAPER
John Draper, a phone phreak,
discovers that a whistle given out as
a prize in boxes of Cap’n Crunch
Cereal produced the same tones as
telephone switching computers of the
time. He built a “blue box” with the
whistle that would allow him to make
free long-distance phone calls, and
then published instruction on how to
make it. Because of this, the
instances of wire fraud rose
significantly.
 1978 – ELECTRONIC BULLETIN
BOARD SYSTEM
The first electronic bulletin
board system came online
and quickly became a
preferred method of
communication for the cyber
world. It allowed fast, free
exchange of knowledge
including tips and tricks for
hacking into computer
networks.
 1981 – IAN “CAPTAIN ZAP”
MURPHY
Ian Murphy, known as Captain Zap to his fans,
was the first person convicted of a cybercrime.
He hacked into the AT&T network and changed
the internal clock to charge off-hours rates at
peak times.
He received 1,000 hours of community service
and 2.5 years of probation, a mere slap on the
wrist compared to today’s penalties, and was
the inspiration for the movie Sneakers.
 1982 – RICHARD SKRENTA’S
ELK VIRUS
Elk Cloner, a virus, is written
as a joke by a 15-year-old kid.
It is one of the first known
viruses to leave its original
operating system and spread
in the “wild”. It attacked Apple
II operating systems and
spread by floppy disk.
 2000 – Onel De Guzman’s
ILOVEYOU Virus
De Guzman designed the
ILOVEYOU virus to target
local users in the Philippines,
aiming to steal dial-up
internet access passwords. At
that time, such passwords
were necessary for
connecting to the internet,
which he could not afford
CATEGORIES OF
CYBERCRIME
 PROPERTY
This is similar to a real-life instance
of a criminal illegally possessing an
individual’s bank or credit card
details. The hacker steals a person’s
bank details to gain access to funds,
make purchases online or run
phishing scams to get people to give
away their information. They could
also use malicious software to gain
access to a web page with
confidential information.
 INDIVIDUAL
This category of cybercrime involves
one individual distributing malicious
or illegal information online. This can
include cyberstalking, distributing
pornography and trafficking.
 GOVERNMENT
This is the least common cybercrime,
but is the most serious offense. A
crime against the government is also
known as cyber terrorism.
Government cybercrime includes
hacking government websites,
military websites or distributing
propaganda. These criminals are
usually terrorists or enemy
governments of other nations.
COMMON TYPES OF
CYBERCRIME
IDENTITY THEFT
It is done by a
perpetrator to commit
fraud for financial
gains through fake
credentials and by
purporting to be
someone else.
 HACKING
It is done by using
computer systems to
gain access to business
trade secrets and
personal information for
malicious and other
exploitive purposes.
 THEFT
Another common cybercrime
which some internet users are
not even aware of is piracy.
Have you ever downloaded
software, games, music or
movies from questionable sites
or using shady means? Illegal
downloading is a cybercrime,
as downloading pirated content
violates copyright laws.
 PHISHING
It is the fraudulent attempt to
obtain sensitive information
such as usernames, passwords
and credit card details by
disguising oneself as a
trustworthy entity in an
electronic communication.
 ROOTKIT
It is a collection of computer
software, typically malicious,
designed to enable access to a
computer or an area of its
software that is not otherwise
allowed (for example, to an
unauthorized user) and often
masks its existence or the
existence of other software.
CYBERBULLYING & STALKING
Cyber Bullying is a kind of online
harassment which involves the barrage of
messages, emails and other forms of
online communication, sometimes with the
perpetrator using a hidden or fake online
identity. Cyberstalking is the use of the
Internet or other electronic means to stalk
or harass an individual, group, or
organization. It may include false
accusations, defamation, slander and libel.
MALICIOUS SOFTWARE
Commonly known as Malware—malicious
software aims to damage or disrupt a
computer system, device or computer
network. Typical examples include
computer viruses, trojan horses, spyware,
spams and worms, among others. Malware
has a malicious intent, acting against the
interest of a computer user.
To make it worse, cyberattacks are usually
done in a different location, using a remote
computer. This makes it difficult to track
down cybercriminals, with differing crime
and cyber laws in each country. Constant
vigilance from the individual is the first
step in preventing these attacks from
happening.
 NOTE:
Large and highly organized
groups also exist which can
carry out massive, targeted
attacks. They treat cybercrime
as a business, even forming
global communities which
share strategies and tools.
 THE
CYBERCRIMINALS
 HACKERS
A hacker is someone who explores
methods for breaching defenses and
exploiting weaknesses in a computer
system or network. Hacker groups often
create tools for hacking and distribute
these through questionable sites and
channels. Hackers are generally classified
according to their attitudes and methods:
SCRIPT KIDDIES
A hacker who breaks into
computer systems by using
automated tools written by
others, and thus lack the
technical expertise. Usually,
they are only able to hack sites
with poor security.
 CRACKERS
They unauthorized access to a
computer in order to commit
another crime such as
destroying information
contained in that system.
 WHITE HATS
Called ethical hackers, white
hat hackers break security to
test security systems, perform
penetration tests, or
vulnerability assessments for a
client, or while working for a
security company which makes
security software.
 BLACK HATS
The stereotypical illegal
hacking groups portrayed as
villains or anti-heroes in
movies and popular culture.
Black hats are known to violate
computer security for little
reason beyond maliciousness
or for personal gain.
 GREY HATS
Lies between a white hat and
black hat hacker. May work
with or against you in any
scenario—a typical “double-
agent”.
 HACKTIVISTS
These groups develop malware for
political reasons and are not interested
in financial gains. A well-known example
is Anonymous—an international network
of hacktivists that started out by hacking
corporate and government sites,
implementing denial-of-service on these
sites–all well-publicized. They currently
have localized networks in different
countries.
IDENTITY THIEVES
Identity thieves are cyber criminals who
try to gain access to their victims’
personal information and use it to make
financial transactions while impersonating
their victims.
INTERNET STALKERS
Internet stalkers are individuals who
maliciously monitor the online activity of
their victims to terrorize and/or acquire
personal information. This form of
cybercrime is conducted using social
networking platforms and malware, which
can track an individual’s computer activity
with very little detection. The motives for
such attacks can differ depending on the
cybercriminal, but many internet stalkers
seek to acquire important information that
they can use for bribery and/or slander.
CYBER TERRORISTS
The key difference between an act of
cyberterrorism and a regular
cyberattack is that within an act of
cyber terrorism, hackers are
politically motivated, as opposed to
just seeking financial gain.
SCAMMERS & PHISHERS
Personal ads, dating ads, even discount
promotions received through emails are some
creative schemes employed by these
perpetrators. Phishers obtain important
information from victims by sending e-mails or
messages by posing as legitimate organizations
or institutions, such as your bank. Replying or
clicking through certain links usually redirect the
target to fake sites that ask for personal
information or credentials. Such sites can tarnish
the company’s reputation and brand, which could
potentially lead to a decrease in earnings.
 INSIDERS
Malicious threat to an organization that comes
from people within the organization, such as
employees, former employees, contractors or
business associates, who have inside
information concerning the organization's
security practices, data and computer systems.
The threat may involve fraud, the theft of
confidential or commercially valuable
information, the theft of intellectual property, or
the sabotage of computer systems.
MALICIOUS INSIDER
People who take advantage of
their access to inflict harm on
an organization
NEGLIGENT INSIDER
People who make errors and
disregard policies, which place
their organizations at risk
INFILTRATORS
People who are external actors
obtain legitimate access
credentials without
authorization.
 TYPES OF
ATTACKS
MALWARE
It is a software that
is developed to
disrupt computer,
server, client, or
computer network.
 PHISHING
To steal private information
such as credit card details,
login ID and passwords, and
etc. by impersonating oneself
as a reliable establishment in
electronic communication.
MAN-IN-THE-MIDDLE
The invader covertly modifies
the chats and dialogues
between two people, making
them believe that they are
both directly talking to each
other, while stealing
information in the process.
DENIAL OF SERVICE
(DoS)
The attacker tries to make
digital assets inaccessible to
its anticipated users (e.g. not
being able to access a certain
website in an indefinite period
of time regardless of fast
internet speed).
CROSS-SITE SCRIPTING
Attacks the malicious scripts
are embedded to reliable
websites (e.g. ads that send
you to suspicious websites
that are not related to the one
you are currently browsing).
CREDENTIAL REUSE ATTACK
With almost every personal account asking
for IDs and passwords, we tend to reuse
them for various accounts. Though it is a
big NO, we tend to reuse one id and
password for many accounts. Reusing the
same password can be a big threat to your
security. The intruders can steal your
usernames and passwords from a hacked
website and they get a chance to log in to
your other account using the same id and
passwords.
DRIVE-BY DOWNLOAD ATTACK
It is a common method used by hackers to
spread malicious scripts or codes on
user’s systems. Attackers embed a
malicious script into an insecure website’s
pages. Whenever you visit such websites,
the scripts will automatically install on
your system or might redirect you to a
website that is controlled by the attacker.
“Cybersecurity is the
number one problem
with mankind.”
- Warren Buffet
It is estimated that by 2021, the damages from
cybercrime are set to hit $6 trillion. And any
dollar amount with a “t” in it is kind of a big deal.
When you consider that just last the few years
the number was still in the billions, you can see
how dangerous this is — and why Buffet is so
concerned.
 HOW DOES THIS GET
TO THAT AMOUNT?
In the cyber security world, any new
upgrade to your security system
equals to spending of money. Also, if
being attacked means that your
system doesn’t work, it may lead to
monetary losses too.
 DATA BREACHES
A data breach is the intentional or
unintentional release of secure or
private/confidential information to an
untrusted environment—like the giant
Equifax breach or the Yahoo email breach
that affected billions of people around the
globe—but in truth, it’s difficult to protect
yourself against corporate data breaches.
 PHISHING ATTACKS
Phishing is the fraudulent attempt to obtain
sensitive information or data, such as
usernames, passwords and credit card details,
by disguising oneself as a trustworthy entity in
an electronic communication. Phishing attacks
come in many forms — emails that look like
they’re from a legit company, fake websites,
and more.
 RANSOMWARE
A ransomware attack is where
your personal data is effectively
held hostage by a hacker. To
release your files, the hacker will
request money.
 MALWARE
Malware is effectively a virus. It
gets injected onto your system
via things like phishing attacks
and is then often used to monitor
what you’re doing online,
discover your passwords, place
pop-ups for shady advertisers,
and so on.
 IDENTITY THEFT
The fraudulent acquisition and
use of a person's private
identifying information, usually
for financial gain.
 SCAMS
It is a type of cybercrime fraud or
deception which makes use of
the Internet and could involve
hiding of information or
providing incorrect information
for the purpose of tricking
victims out of money, property,
and inheritance.
STAYING SAFE
ONLINE
NETWORK ENCRYPTION
A security protocol implemented
at the network level encrypts
data, so network access is limited
to authorized computers.
 PROXIES
A security strategy which
connects users to a remote
location so that their data and
information is encrypted.
 FIREWALLS
Crucial network security device
that monitors and controls
incoming and outgoing network
traffic based on predetermined
security rules. It acts as a barrier
between a trusted internal
network and untrusted external
networks, such as the internet,
helping to prevent unauthorized
access and cyber threats.
CYBER LIABILITY INSURANCE
Legal protection that can protect
a business or organization from
liability during a data breach.
Cyber liability insurance has
become important with the
increasing number of social
security and credit card numbers
stolen.
 ADD EXTRA LAYER
OF AUTHENTICATION
If possible, try to enable 2-factor
authentication. This adds an extra
layer of security to your accounts.
You need more than just your
password to login; you also need
another form of authentication,
often in the form of a code sent to
you via text to your phone.
INSTALL A VIRTUAL
PRIVATE NETWORK
Use a VPN on a public WiFi.
Public WiFi—like you'd find inside
the campus—is unencrypted,
meaning anyone can access your
sensitive data. A VPN is an app
that encrypts your web traffic,
making it 'invisible' to hackers
and keeping your private info
safe.
KEEP TABS ON CREDIT
Context: A credit score is a
number between 300–850 that
depicts a consumer's
creditworthiness. The higher the
score, the better a borrower looks
to potential lenders. A credit
score is based on credit history:
number of open accounts, total
levels of debt, and repayment
history, and other factors.
PROTECT YOUR PASSWORD
Utilize a password manager for it
helps in defending against criminals
by generating and storing a different
password—one that's long and
complicated—for each of your online
accounts. Or, try using password
encryption—which translates data into
another form, or code, so that only
people with access to a secret key
(formally called a decryption key) or
password can read it.