Cyber Crime & Criminals PDF
Document Details
Uploaded by Deleted User
Bukidnon State University
Mr. Justin Jay R. Cacholia
Tags
Summary
This document provides a general overview of cybercrime. It discusses different types of cybercrimes, including property theft, identity theft, hacking, and theft. It also explains concepts like phishing attacks, malware, ransomware, and how to protect yourself online.
Full Transcript
GE EL 103 CYBERCRIME AND CRIMINALS MR. JASTIN JAY R. CACHOLA General Education Department College of Arts & Sciences Bukidnon State University WHAT IS CYBERCRIME? CYBERCRIME Cybercrime refers to any crime that happens inside or sometimes, outside cyberspace tha...
GE EL 103 CYBERCRIME AND CRIMINALS MR. JASTIN JAY R. CACHOLA General Education Department College of Arts & Sciences Bukidnon State University WHAT IS CYBERCRIME? CYBERCRIME Cybercrime refers to any crime that happens inside or sometimes, outside cyberspace that involves a computer/mobile and a network. The computer may have been used in the commission of a crime, or it may be the target; cyberspace being the combining term which relates to the whole aspects of information technology and the internet. HISTORY OF CYBERCRIME 1971 – JOHN DRAPER John Draper, a phone phreak, discovers that a whistle given out as a prize in boxes of Cap’n Crunch Cereal produced the same tones as telephone switching computers of the time. He built a “blue box” with the whistle that would allow him to make free long-distance phone calls, and then published instruction on how to make it. Because of this, the instances of wire fraud rose significantly. 1978 – ELECTRONIC BULLETIN BOARD SYSTEM The first electronic bulletin board system came online and quickly became a preferred method of communication for the cyber world. It allowed fast, free exchange of knowledge including tips and tricks for hacking into computer networks. 1981 – IAN “CAPTAIN ZAP” MURPHY Ian Murphy, known as Captain Zap to his fans, was the first person convicted of a cybercrime. He hacked into the AT&T network and changed the internal clock to charge off-hours rates at peak times. He received 1,000 hours of community service and 2.5 years of probation, a mere slap on the wrist compared to today’s penalties, and was the inspiration for the movie Sneakers. 1982 – RICHARD SKRENTA’S ELK VIRUS Elk Cloner, a virus, is written as a joke by a 15-year-old kid. It is one of the first known viruses to leave its original operating system and spread in the “wild”. It attacked Apple II operating systems and spread by floppy disk. 2000 – Onel De Guzman’s ILOVEYOU Virus De Guzman designed the ILOVEYOU virus to target local users in the Philippines, aiming to steal dial-up internet access passwords. At that time, such passwords were necessary for connecting to the internet, which he could not afford CATEGORIES OF CYBERCRIME PROPERTY This is similar to a real-life instance of a criminal illegally possessing an individual’s bank or credit card details. The hacker steals a person’s bank details to gain access to funds, make purchases online or run phishing scams to get people to give away their information. They could also use malicious software to gain access to a web page with confidential information. INDIVIDUAL This category of cybercrime involves one individual distributing malicious or illegal information online. This can include cyberstalking, distributing pornography and trafficking. GOVERNMENT This is the least common cybercrime, but is the most serious offense. A crime against the government is also known as cyber terrorism. Government cybercrime includes hacking government websites, military websites or distributing propaganda. These criminals are usually terrorists or enemy governments of other nations. COMMON TYPES OF CYBERCRIME IDENTITY THEFT It is done by a perpetrator to commit fraud for financial gains through fake credentials and by purporting to be someone else. HACKING It is done by using computer systems to gain access to business trade secrets and personal information for malicious and other exploitive purposes. THEFT Another common cybercrime which some internet users are not even aware of is piracy. Have you ever downloaded software, games, music or movies from questionable sites or using shady means? Illegal downloading is a cybercrime, as downloading pirated content violates copyright laws. PHISHING It is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. ROOTKIT It is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software. CYBERBULLYING & STALKING Cyber Bullying is a kind of online harassment which involves the barrage of messages, emails and other forms of online communication, sometimes with the perpetrator using a hidden or fake online identity. Cyberstalking is the use of the Internet or other electronic means to stalk or harass an individual, group, or organization. It may include false accusations, defamation, slander and libel. MALICIOUS SOFTWARE Commonly known as Malware—malicious software aims to damage or disrupt a computer system, device or computer network. Typical examples include computer viruses, trojan horses, spyware, spams and worms, among others. Malware has a malicious intent, acting against the interest of a computer user. To make it worse, cyberattacks are usually done in a different location, using a remote computer. This makes it difficult to track down cybercriminals, with differing crime and cyber laws in each country. Constant vigilance from the individual is the first step in preventing these attacks from happening. NOTE: Large and highly organized groups also exist which can carry out massive, targeted attacks. They treat cybercrime as a business, even forming global communities which share strategies and tools. THE CYBERCRIMINALS HACKERS A hacker is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hacker groups often create tools for hacking and distribute these through questionable sites and channels. Hackers are generally classified according to their attitudes and methods: SCRIPT KIDDIES A hacker who breaks into computer systems by using automated tools written by others, and thus lack the technical expertise. Usually, they are only able to hack sites with poor security. CRACKERS They unauthorized access to a computer in order to commit another crime such as destroying information contained in that system. WHITE HATS Called ethical hackers, white hat hackers break security to test security systems, perform penetration tests, or vulnerability assessments for a client, or while working for a security company which makes security software. BLACK HATS The stereotypical illegal hacking groups portrayed as villains or anti-heroes in movies and popular culture. Black hats are known to violate computer security for little reason beyond maliciousness or for personal gain. GREY HATS Lies between a white hat and black hat hacker. May work with or against you in any scenario—a typical “double- agent”. HACKTIVISTS These groups develop malware for political reasons and are not interested in financial gains. A well-known example is Anonymous—an international network of hacktivists that started out by hacking corporate and government sites, implementing denial-of-service on these sites–all well-publicized. They currently have localized networks in different countries. IDENTITY THIEVES Identity thieves are cyber criminals who try to gain access to their victims’ personal information and use it to make financial transactions while impersonating their victims. INTERNET STALKERS Internet stalkers are individuals who maliciously monitor the online activity of their victims to terrorize and/or acquire personal information. This form of cybercrime is conducted using social networking platforms and malware, which can track an individual’s computer activity with very little detection. The motives for such attacks can differ depending on the cybercriminal, but many internet stalkers seek to acquire important information that they can use for bribery and/or slander. CYBER TERRORISTS The key difference between an act of cyberterrorism and a regular cyberattack is that within an act of cyber terrorism, hackers are politically motivated, as opposed to just seeking financial gain. SCAMMERS & PHISHERS Personal ads, dating ads, even discount promotions received through emails are some creative schemes employed by these perpetrators. Phishers obtain important information from victims by sending e-mails or messages by posing as legitimate organizations or institutions, such as your bank. Replying or clicking through certain links usually redirect the target to fake sites that ask for personal information or credentials. Such sites can tarnish the company’s reputation and brand, which could potentially lead to a decrease in earnings. INSIDERS Malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems. The threat may involve fraud, the theft of confidential or commercially valuable information, the theft of intellectual property, or the sabotage of computer systems. MALICIOUS INSIDER People who take advantage of their access to inflict harm on an organization NEGLIGENT INSIDER People who make errors and disregard policies, which place their organizations at risk INFILTRATORS People who are external actors obtain legitimate access credentials without authorization. TYPES OF ATTACKS MALWARE It is a software that is developed to disrupt computer, server, client, or computer network. PHISHING To steal private information such as credit card details, login ID and passwords, and etc. by impersonating oneself as a reliable establishment in electronic communication. MAN-IN-THE-MIDDLE The invader covertly modifies the chats and dialogues between two people, making them believe that they are both directly talking to each other, while stealing information in the process. DENIAL OF SERVICE (DoS) The attacker tries to make digital assets inaccessible to its anticipated users (e.g. not being able to access a certain website in an indefinite period of time regardless of fast internet speed). CROSS-SITE SCRIPTING Attacks the malicious scripts are embedded to reliable websites (e.g. ads that send you to suspicious websites that are not related to the one you are currently browsing). CREDENTIAL REUSE ATTACK With almost every personal account asking for IDs and passwords, we tend to reuse them for various accounts. Though it is a big NO, we tend to reuse one id and password for many accounts. Reusing the same password can be a big threat to your security. The intruders can steal your usernames and passwords from a hacked website and they get a chance to log in to your other account using the same id and passwords. DRIVE-BY DOWNLOAD ATTACK It is a common method used by hackers to spread malicious scripts or codes on user’s systems. Attackers embed a malicious script into an insecure website’s pages. Whenever you visit such websites, the scripts will automatically install on your system or might redirect you to a website that is controlled by the attacker. “Cybersecurity is the number one problem with mankind.” - Warren Buffet It is estimated that by 2021, the damages from cybercrime are set to hit $6 trillion. And any dollar amount with a “t” in it is kind of a big deal. When you consider that just last the few years the number was still in the billions, you can see how dangerous this is — and why Buffet is so concerned. HOW DOES THIS GET TO THAT AMOUNT? In the cyber security world, any new upgrade to your security system equals to spending of money. Also, if being attacked means that your system doesn’t work, it may lead to monetary losses too. DATA BREACHES A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment—like the giant Equifax breach or the Yahoo email breach that affected billions of people around the globe—but in truth, it’s difficult to protect yourself against corporate data breaches. PHISHING ATTACKS Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication. Phishing attacks come in many forms — emails that look like they’re from a legit company, fake websites, and more. RANSOMWARE A ransomware attack is where your personal data is effectively held hostage by a hacker. To release your files, the hacker will request money. MALWARE Malware is effectively a virus. It gets injected onto your system via things like phishing attacks and is then often used to monitor what you’re doing online, discover your passwords, place pop-ups for shady advertisers, and so on. IDENTITY THEFT The fraudulent acquisition and use of a person's private identifying information, usually for financial gain. SCAMS It is a type of cybercrime fraud or deception which makes use of the Internet and could involve hiding of information or providing incorrect information for the purpose of tricking victims out of money, property, and inheritance. STAYING SAFE ONLINE NETWORK ENCRYPTION A security protocol implemented at the network level encrypts data, so network access is limited to authorized computers. PROXIES A security strategy which connects users to a remote location so that their data and information is encrypted. FIREWALLS Crucial network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a trusted internal network and untrusted external networks, such as the internet, helping to prevent unauthorized access and cyber threats. CYBER LIABILITY INSURANCE Legal protection that can protect a business or organization from liability during a data breach. Cyber liability insurance has become important with the increasing number of social security and credit card numbers stolen. ADD EXTRA LAYER OF AUTHENTICATION If possible, try to enable 2-factor authentication. This adds an extra layer of security to your accounts. You need more than just your password to login; you also need another form of authentication, often in the form of a code sent to you via text to your phone. INSTALL A VIRTUAL PRIVATE NETWORK Use a VPN on a public WiFi. Public WiFi—like you'd find inside the campus—is unencrypted, meaning anyone can access your sensitive data. A VPN is an app that encrypts your web traffic, making it 'invisible' to hackers and keeping your private info safe. KEEP TABS ON CREDIT Context: A credit score is a number between 300–850 that depicts a consumer's creditworthiness. The higher the score, the better a borrower looks to potential lenders. A credit score is based on credit history: number of open accounts, total levels of debt, and repayment history, and other factors. PROTECT YOUR PASSWORD Utilize a password manager for it helps in defending against criminals by generating and storing a different password—one that's long and complicated—for each of your online accounts. Or, try using password encryption—which translates data into another form, or code, so that only people with access to a secret key (formally called a decryption key) or password can read it.