A REAL TIME CASE STUDY ON CYBER CRIME

By T.BALA GANESH ROLL NO 3

what is cyber crime?

There is a wide range of offences that can be committed through communication technology. Cyber crimes are commonly considered as falling into one of two categories: new offences committed using new technologies, such as offences against computer systems and data, dealt with in the Computer Misuse Act 1990; and old offences committed using new technology, where networked computers and other devices are used to facilitate the commission of an offence. In the former are crimes such as hacking or breaking into computer systems to steal or alter data; in the latter, crimes such as the transfer of illegal images or fraud. The former are often a precursor to the latter, based on motives of financial gain. However, while the focus is often on online fraud or child protection, there is a significant number of other offences committed through the internet, such as harassment, threatening behaviour and other anti-social activity.

The Home Office believes that actions should be legal or illegal according to their merits, rather than the medium used, so that what is illegal offline should be illegal online. The Home Office believes that the internet and other communication technologies are the conduit for the criminal activity for such groups, rather than being the cause. We are committed to ensuring that where additional legislative or regulatory tools are appropriate to tackle cyber crimes these are introduced swiftly and effectively. For the sake of consistency, the term cyber crime will be used throughout this document, although there are other terms, such as e-crime, that are regularly used. We also recognise that the term cyber crime does not fully reflect the issues of child protection involving the internet and associated technologies.

Cyber crime affecting business

Crime is an aspect of society that adversely affects us all. Cyber-crime is a recent addition to the list of crimes that affect us, whether directly or indirectly. Until recently much cyber-crime was not directly prosecutable in South Africa due to the lack of applicable controlling legislation. That what was prosecutable often relied heavily on the judgment under common law or statutory legislation under non-related (i.e. not computer related) acts. Business is adversely affected by crime, regardless of the type. Cyber-crime can be any kind of crime, ranging from hacking (seen as spying) to more serious damage of intellectual property (Defacing websites) Almost any kind of commercial related crime can be duplicated as cyber-crime. Businesses often lose millions in cyber-attacks, not necessarily through direct theft but by the loss of service to customers and damage to the companys image.

According to the 2010 Computer Security Institutes computer crime and security survey on security trends and issues, 90 percent of respondents detected computer security breaches within 12 months with 80 percent acknowledging financial losses from these violations [Computer security institute, 2011; IT link 2011: 26]. A Merrill Lynch survey, which was released in July 2010, indicated that security is the number two concerns of all Chief Information Officers (CIOs). One reason according to Rusine Mitchell-Sinclair, general manager of safety and security protection services at IBM is the September 11th events as well as the fact that people recognize that security is important to protect assets. In South Africa too cyber crime is on the increase as was evident from the ABSA Bank fraud case Therefore risk assessment is high on the agenda. People want to know how good their security is in order to close the gaps that they have. Therefore the critical infrastructure protection issue in information security is the real focus here. United States

analysts also believe that by disabling or taking command of flood gates 2 in a dam, or of substations handling 300,000 volts of electric power, an intruder could use virtual tools to destroy real-world lives and properties .The director of the FBIs National Infrastructure Protection Centre, (Ronald Dick) has the same concerns. He fears a successful cyberattack on respondents 911 or on a power grid more than a physical attack.

A real time case study: Sony Company affected by cyber crime

Culver City-based Sony Pictures Entertainment Inc., the television and movie studio for the Japanese electronics giant, confirmed late Friday that it been hacked and was working with the FBI to identify the attacker.

In a statement, the studio's chairman Michael Lynton and co-chairman Amy Pascal said that a "cyber-crime wave that has affected Sony companies and a number of government agencies, businesses and individuals in recent months has hit Sony Pictures as well."

"[Thursday] afternoon a group of criminal hackers known as 'LulzSec' claimed to have breached some of our websites," the statement said. "We have confirmed that a breach has occurred and have taken action to protect against further intrusion."

The studio said it had hired "a respected team of outside experts is conducting a forensic analysis of the attack." In addition, it said it had contacted the FBI and was "working with them to assist in the identification and apprehension of those responsible for this crime."

"We deeply regret and apologize for any inconvenience caused to consumers by this cyber-crime," the statement said.

On Friday, LulzSec, a hacker group which has claimed responsibility for hacking PBS' and Sony's websites recently, posted personal data from Sony Pictures servers.

The group posted the data to the website Pastebin and the Associated Press reported that it had verified it with people whose information -- including user names, passwords, addresses and phone numbers -- was leaked and indeed from Sony.

Cyber crime in Scotland Communications telecommunications sector.

Recent survey by Symantec claims that this year, cyber crime will cost the UK economy an estimated 1.9 billion, or 103 per cyber crime victim, and that an estimated 19 million Brits almost a third of the population will be affected by cyber crime in some that during 2011.

Cyber crime has already come to the North-east with at least one company receiving an email ransom demand after a hacker accessed its computer system and encrypted 50 gigabytes of data. This probably happens more often but it isnt spoken about much because people are embarrassed to admit their security is so lax that they have been hacked, and the amount of money demanded isnt very high, according to Bruce Skinner, managing director of Pisys Net, who managed to rescue almost all the kidnapped data. Its the first time in eight years of working in IT that Bruce has experienced this.

We had recently taken on the company and were sorting out a lot of their IT issues, he explained. But before we persuaded them to address all the security needs, their system was hacked into. The weakness of the company passwords and use of internal remote access software meant that hacking was possible.

The hacker, who could be based anywhere in the world, had logged on and managed to access the server to see how it had been set up, realized there was an operations system on one drive and all the company data on the other. So all he had to do was install some encryption software which is available to buy on the internet for about $20, create an encryption folder and drag all the data into it. If you dont have the encryption password youre never going to get that data back. Its still there on the server, you just cant get into it. The hacker then sent an email (attached) with his terms and conditions. But the risk is, if you pay up will you get the key? Will you be seen as an easy target? And if you pay you are giving in to cyber crime.

In this case, Bruce and the Pisys-net team managed to recover virtually all the data because so much of it had been backed up and printed off. The way to avoid being hacked like this is to be protected by firewall and a VPN connection if you need remote access. Have a backup thats changed over every day at an offsite backup centre. VPN stands for Virtual Private Network and can be set up for about 400 a site.

The other essential is to have secure passwords. They should always contain a mixture of upper and lower case letters and at least one number. Its very unlikely that password cracking software will work that out. If someone uses the word password as their password, thats asking for trouble but even my making it a word more memorable to you with one upper case letter and one number in it should protect your system.

The effects of Cyber Crime on business

Whether your business is manufacturing, retail, wholesale, service, hospitality or high tech, it is probably experiencing some degree of employee & criminal theft via the Internet. The list of items stolen from employers is endless. In fact, it is estimated that 95 percent of all businesses experience theft and management is seldom aware of the actual extent of losses or even the existence of theft. When CyberCrime attacks your business or one of your employees, it can cost your business time, productivity and most of all, money. It is estimated that small- medium businesses lose thousands of dollars per incident.

Some of the most common Internet Crimes that can affect your business are: Wireless & Network Intrusions SPAM, Viruses, Malware & Trojans Fake websites, URL's and Credit Card Fraud Employee Theft

So, how do these affect your business?

Wireless & Network Intrusions

How would you like your company, your employees or yourself to be responsible for CyberCrime and you not even know it? All networks and wireless connections are a perfect safe haven for cyber criminals to work their magic. Cyber criminals hack into your network, assume your company and network identity; they then in turn steal from you and your clients. They can then send pornography and hate crime emails, fraudulent offers, etc. By taking over your company identity they are protecting themselves and exposing your company to unlawful practices.

Protect yourself and your company: Apply updates, Secure your wireless with a WEP key*, and Enable firewalls

*WEP stands for Wired Equivalent Privacy, a standard for WiFi wireless network security. But what exactly are WEP keys? . A WEP key is a security code used on some WiFi networks. WEP keys allow a group of devices on a local network (such as a home network) to exchange encoded messages with each other while hiding the contents of the messages from easy viewing by outsiders.

SPAM, Viruses, Malware & Trojans

Computer viruses can be contracted through a variety of ways & come in many different forms. Viruses come from emails, infected software, free downloads (music or program) & general Internet surfing. Spam, Viruses, Malware & Trojans can be used to steal your identity and mass-market such items as porn and dating sites, pharmaceuticals and much

more. By emailing you a virus and you opening it, Cyber criminals can use your computer and servers to mass email all types of advertising to hundreds of people making them believe that this information is coming from you. These unlawful emails can cause your domain (your email and website, i.e. sjkberinger.com) to be shut down, and your reputation and company to be non-existent.

Protect yourself and your company: Apply regular security updates, have SPAM filters in place, and Use Adware and/or anti-Spyware programs.

Fake websites, URL's and Credit Card Fraud

This is a growing problem. Cyber criminals are sending out emails that appear to be legit: your bank, wanting you to update your information, the government giving you a refund, your credit card company doubling your reward miles or friends and family sending you a card. When you or your employees fall for any of these frauds, you could be giving away private information to cyber criminals. Once these cyber criminals get your personal information they are off and running. They can use your information all over the Internet for unauthorized purchases, identity theft and even to access your bank account.

Protect yourself and your company: don't use links from emails to update personal information. Never give anyone your user name or password. Change your login password often, make sure you and your employees know your policies for the Internet & email use - go over them regularly.

Employee Theft

Employees are 95% of the problem when it comes to cyber crime. Without safeguards, any business is susceptible to fraud especially common forms of online check tampering, credit card abuse, database and personal information theft. Employees have access to a wealth of company information that can be used for embezzlement. They can use this information to steal your customers and/or steal their information and then use that information for their own personal gain. For instance they can use the credit cards for personal purchases and or sell that information to others.

Protect yourself and your company: Conduct surveys and audits of your business and have in place a Loss Prevention Program. Having procedures in place to protect you and your employee against employee theft might just help with employer/employee relationships.

Loss Of Revenue

One of the main effects of cyber crime on a company is a loss of revenue. This loss can be caused by an outside party who obtains sensitive financial information, using it to withdraw funds from an organization. It can also occur when a business's e-commerce site becomes compromised--while inoperable, valuable income is lost when consumers are unable to use the site.

Wasted Time

Another major effect or consequence of cyber crime is the time that is wasted when IT personnel must devote great portions of their day handling such incidences. Rather than working on productive measures for an organization, many IT staff members spend a large percentage of their time handling security breaches and other problems associated with cyber crime.

Damaged Reputations

In cases where customer records are compromised by a security breach associated with cyber crime, a company's reputation can take a major hit. Customers whose credit cards or other financial data become intercepted by hackers or other infiltrators lose confidence in an organization and often begin taking their business elsewhere.

Reduced Productivity

Due to the measures that many companies must implement to counteract cyber crime, there is often a negative effect on employees' productivity. This is because, due to security measures, employees must enter more passwords and perform other timeconsuming acts in order to do their jobs. Every second wasted performing these tasks is a second not spent working in a productive manner.