Assignment On

Internet Challenges on Cyber crimes & Abuses

Assignment 0n

Internet Challenges on Cyber crimes & Abuses

Course Code: MGT 555 Course Title: Management Information Systems (MIS)

SUBMITTED TO:
Md. Rahimullah Miah Lecturer Department of Business Administration Leading University, Sylhet

SUBMITTED BY:
Shanu Uddin Rubel ID: 1301010708 MBA Program Department of Business Administration Leading University, Sylhet

Submission Date: April 08, 2013

LEADING UNIVERSITY

Dedication:
This book is dedicated to my charming family members & My closest friends. Without all of your presence my world would not be nearly as colorful.

DECLARATION

This assignment paper is prepared by me. The title of this assignment is Internet Challenges on Cyber crimes & Abuses under the supervision of Mr. Md. Rahimullah Miah, Lecturer of MIS, Leading University, Sylhet, Bangladesh. Any duplication is prohibited without the permission of Author.

..

Shanu Uddin Rubel ID: 1301010708 MBA Program Department of Business Administration, Leading University, Sylhet, Bangladesh

Letter of Certificate

I am enormously pleased to declare that Mr. Shanu Uddin Rubel, ID No: 1301010708 a student of Department of Business Administration, MBA, Leading University, Sylhet. He has been completed assignment report on Internet Challenges on Cyber crimes & Abuses under my direct supervision. He has reviewed all the relevant information and issues of primary and secondary sources. He has completed his report with utmost sincerity, commitment and dedication. He has discussed different issues and problems with me to meet the requirement of research study and in preparing this assignment.

I believe they will try to do their best in all phase of their live.

. Md. Rahimullah Miah Lecturer Department of Business Administration Leading University, Sylhet, Bangladesh

LETEER OF SUBMISSION
08 April, 2013 To Md. Rahimullah Miah Lecturer Department of Business Administration Leading University, Sylhet, Bangladesh Subject: Submission of the assignment Report on Internet Challenges on Cyber crimes & Abuses

Dear Sir, I have selected the topic Internet Challenges on Cyber crimes & Abuses for writing an assignment for presentation and collection of primary and secondary data. To do so, I sought the relevant information in books, journals, and the assigned organization. I tried to collect all possible information and make this paper acceptable to all but there can be still existing mistake. So I like to request you to consider if any fault is found in paper. Lastly, I would like to request you to accepted my paper and permit me to present it before the panel of experts. Thank you in advance for your assistance and advice in this connection.

Sincerely yours,

.. Shanu Uddin Rubel ID: 1301010708 MBA Program Department of Business Administration, Leading University, Sylhet, Bangladesh

Acknowledgement

At the very beginning, I would like to express my deepest gratitude to the almighty Allah for giving me the strength and the ability to finish the task within the scheduled time.

I am very lucky that we have got lots of support or cooperation from various people while I am preparing this assignment. At first we express our respected our teacher Md. Rahimullah Miah, Lecturer of Leading University, Sylhet, Bangladesh for giving me such an opportunity to prepare an assignment on Internet Challenges on Cyber crimes & Abuses which is a great chance to increase my knowledge.

I am also thankful Md. Rahimullah Miah and our classmate who helped me directly and indirectly to prepare this report.

Table of contents

Sections
Abstract Chapter 1: Background of the study 1.1 Introduction 1.2 Methodology 1.3 Objectives 1.4 Scope of the study 1.5 Limitation of the study Chapter 2: General contest of the study 2.1 History 2.2 Definition of Cybercrime 2.3 Literature Review 2.4 Six Common Types of Cyber Crime 2.5 The Top 10 Kinds of Cybercriminals 2.6 Reasons for Cyber Crimes 2.7 Whos committing these crimes? 2.8 Victims of Cybercrime 2.9 Effects of Cyber Crime 2.10 Impacts of Cyber-Crime

Page No.
1

3 3 3 4 4

6 6 7-8 8-11 11-13 13-14 15 15 15-16 16-21

Chapter 3: Methodology of the study 3.1 Site Selection 3.2 Country Map 3.3 Data Collection 3.4 Data Analysis Chapter 4: Law enforcement & Preventive action against Cyber crime 4.1 International Cybercrime laws & countermeasures 4.1.1Technical 4.1.2 Economic 4.1.3 Legal 4.1.4 Behavioral 4.2 Cybercrime Laws and Scenario in Bangladesh 4.3 In recent times Bangladesh constituted Cyber Crime Tribunal 4.4 Unique Challenges on Cyber crimes & Abuses 4.5 Digital era poses new security challenges for Bangladesh 4.6 'IT is crucial to country's future' 4.7 Some steps to protecting yourself against Cyber Crime 4.7.1 Protecting against Investment Fraud 4.7.2 Protecting against Identity Theft 4.7.3 Secure Browser Settings

23 23 23 23

25 25 26 26-27 28 28-30 31-32 32-33 33-34 34-35 35 35 35-36 37-41

Chapter 5: Recommendations & Conclusion 5.1 Recommendations 5.2 Conclusion Chapter 6: References

43 44 46 48-49

Appendices

Abstract
Computers, the internet and electronic communications play an ever-increasing part in all our lives, with the use of the internet in the home, at work or in educational establishments now standard and continuing to grow. But some people use this technology for illegal activity. Cyber crime is no longer about those who seek to access computer systems for fun or to prove it can be done. The criminals behind such crimes are organized, and seek to take advantage of those using internet services. Whether this is for financial gain, or as threats to children, the effect on the victims can be devastating. The most vulnerable members of our society are all too often the victims from young people threatened by bullying or sexual predators to the elderly who provide easy prey for organized fraudsters. As more and more of the nations public and private assets are stored electronically rather than physically, often outside our authority, there will be more opportunities for crime. However, the same technologies can be used to protect ourselves and by our law enforcement agencies to detect, investigate and prosecute offenders.

This paper is prepared to cover the cyber crimes and also abuse in general. It defines the cyber crimes & types of cyber crimes & criminals. In this paper I have presented the reason behind the cyber crimes & abuses. Within this paper I have also discuss about the challenges that internet has facing for cyber crimes & abuses. A set of global and local laws of cyber crimes are also introduce in this paper. And at the end I tried my best to draw attention to some guideline that will help to take protection measure to defend valuable information & assets of individuals from cyber criminals.

Chapter 1:

Background of the study

1.1 Introduction
Cybercrime has already become a going concern in both private as well as public sector in Bangladesh. During the last decade private and public sector has done a revolution with the use of technical enhancement. Due to unauthorized intervention to the system, company loses huge confidential information which caused a large amount of financial lose. It has already been identified that especially Financial Institutions are in the most threading organization for cybercrime that at the same time reflects to the personal life. Some development partners have started working how to tackle cybercrime and improve effective communications.

1.2 Methodology
Employing the following qualitative methods has collected the relevant information: Internet crime report 2009. Analysis different articles & documents through Internet. Different publications regarding Cyber crimes & abuses. Internet Crime complaint center. Personal observation.

1.3 Objectives
The primary objective of the study was to identify the Internet challenges on cyber crimes & abuses. The secondary objectives of the study are: Types of cybercrime with the profile of cyber criminals; Effects & Impact of cybercrime; Necessary Legislations to tackle Cybercrime. How to protect individuals assets from cyber crimes.

1.4 Scope of the study

Cybercrime does not know the boundary. The same technology that brings people of the world closer together has a darker side, making it easier for criminal or malicious elements to steal, destroy, corrupt, defraud and exploit. Internet technology has come to Bangladesh quite late. But, the country does not leg behind when it comes to cybercrimes. As most of the organizations in Bangladesh are very keen to use the opportunity of the internet technology, the potential threats cannot be ruled out. Due to availability and comparatively cheaper prize of a personal computer, interest to use them for day to day personal business is being grown up. Considering the above views, the study was conducted at all levels in where an information and communication technology (ICT) has arrived with its prospect.

1.5 Limitation of the study

The study has suffered certain restrictions as below: The length of the study was very short. More in detail analysis would have resulted better outputs. Lack of availability of information has hampered the study to some extent.

In some extent, up to date information is not published.

Chapter 2:

General contest of the study

2.1 History
In the last decades computer crime and cybercrime have become a major concern for law enforcement around the world. Since the debate about criminal abuse of computer and network technology started in the 1960s, the importance of the topic constantly emerged. Within half of a century of intensive debate, various solutions were discussed to address the issue. But especially because of the constant technical development as well as the changing methods how the offences are carried out the issue remains on the agenda of both national governments and international/regional organizations. From the 1960s to the 1980s, computer manipulation and data espionage that were often not addressed by existing criminal legislation were in the focus of the debate and especially the development of a legal response was discussed. The focus of the debate changed in the 1990s when the graphical interface (WWW) was introduced and the number of users started to grow dramatically. It was now possible to make information legally available in one country and thereby enable users worldwide to download it even from countries where the publication of such information was criminalized. Over the last few years, the debate was dominated by new, very sophisticated methods of committing crimes (such as phishing and botnet attacks) and the use of technologies such as voice-over-IP (VoIP) communication and cloud computing that adds a new layer of complexity to law enforcement investigations [1].

2.2 Definition of Cybercrime

Cyber crime, or computer crime, refers to any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Net crime refers, more precisely, to criminal exploitation of the Internet. Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, identity theft, Child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise [2].

2.3 Literature Review

The word cyber and its relative dot.com are probably the most commonly used terminologies of the modern era. In the information age the rapid development of computers, telecommunications and other technologies has led to the evolution of new forms of trans-national crimes known as cyber crimes. Cyber crimes have virtually no boundaries and may affect every country in the world. They may be defined as any crime with the help of computer and telecommunication technology, with the purpose of influencing the functioning of computer or the computer systems. The extent of loss involved worldwide of cyber crimes is tremendous as it is estimated that about 500 million people who use the Internet can be affected by the emergence of cyber crimes. Cyber crimes are a very serious threat for the times to come and pose one of the most difficult challenges before the law enforcement machinery most cyber crimes do not involve violence but rather greed, pride, or play on some character weakness of the victims. It is difficult to identify the culprit, as the Net can be a vicious web of deceit and can be accessed from any part of the globe. This new technology not only provides opportunities for the profitable development of an international information market but has also raised the specter of new criminal activities to exploit them [3]. Cyber crime is defined in different ways by people based on their experiences, the British police define cyber crime as a crime that involves computer network and the cyber criminals are very quick in grabbing the opportunities, it was well said by Shariff that while defining behavior, we should bear in mind that it is related to particular context of time with many influences acting ona individual who are committing the action. Shariff also so said definition of cyber bullying must explain the tools and forms that it has involved to differentiate it from the regular cyber bullying. As the tolls and the forms used to commit a cyber crime will let people know the severity and the mode of crime, According to Besley (2008) cyber bullying is planned to harm others using the technologies in information and communication by repeated, deliberate and aggressive behavior of an individual or group[17] A article on cyber crime by Vladimir sates that in Russia during 1990 0nly 10-12 cases were filed which were of rowdies and now the two thirds of all the cases lodged are of information stolen and unauthorized access, the technology available to the hackers, the area approachable is very wide in this globalize and web connected world this world, these factors are easing the

hackers and are a very big concern for the crime investigators, the economy has become so technical, money becoming more electronically people are finding it very hard get away from cyber bullying, Krause and Tipton(1999) said that the internet has no boundaries, but it also lacks rules and codes of central authorized which governs it[17]. Nuemann, 2001 As said by Nuemann, the biggest drawback of internet fraud is that it goes unnoticed and unreported but costs business many millions, internet frauds sometimes go unnoticed as they do not affect the daily routine and sometimes they are too small to notice and sometimes people notice such frauds but neglect to complain, getting unnoticed and negligence of people when taken on a large scale will account for a big figure that makes an organization or group of organizations lose so much money [17].

2.4 Six Common Types of Cyber Crime

As the Internet, mobile phones, and other computer technologies have flourished, criminals have found ways to use them for old-fashioned goals such as theft, fraud, intimidation, and harassment. Crimes committed through the use of computer systems are known as cybercrimes. Here are some common cybercrimes to look out for. Fraud Most forms of Internet fraud are financial in nature. Cybercriminals may hack into personal financial accounts to access funds. They might attack website databases in order to gain access to consumer details, such as Social Security numbers, that can be used to take out credit cards or loans in another persons name. This type of fraud is known as identity theft. Criminals can also hijack a persons wireless Internet connection in order to use it without having to pay for it. Computer Trespassing Cybercriminals can gain access to individual computers to peek through files, website browsing history, access passwords, or possibly even save files to your machine. This type of fraud is known as computer trespass. In many cases, computer trespassing is accomplished by luring

people to click on attachments or download files. For instance, a recent Black Friday scam sent victims an e-mail that was apparently from Apple, promising a $50 iTunes gift card if they downloaded a particular file. The file actually allowed its creators to access passwords and other sensitive information on computers that downloaded it. Hardware Hijacking Researchers at Columbia University recently discovered a serious security flaw in certain printers, as well. Many printers automatically update their software when accepting a print job, connecting to the Internet to download the latest print drivers. Researchers believe that criminals could exploit this process by having printers download malicious files to trespass on networks the printers are connected to, or even to make the printers overheat and catch fire. Bullying, Harassment, and Stalking There have been several high-profile cases of teenagers bullying one another over the Internet. In most instances of cyber bullying, bullies posted obscene or cruel messages to the victim on social media sites like Facebook, uploaded embarrassing videos of them to sites like YouTube, or impersonated someone else to toy with their emotions. Harassers and bullies may also steal their victims passwords, to impersonate them on the Internet or monitor their e-mail accounts. The Internet can also be an ideal tool for stalkers. Information is often handed to the criminals by the victims themselves. Unwary social media site users can give away their name, age, occupation, home and work addresses, or even their current location by using sites such as Foursquare or Facebook without making full use of privacy protections. Spam Unsolicited mass e-mail, known colloquially as spam, is more than annoying: spam messages can be used to trick people into giving up sensitive personal information (known as phishing), or as carriers for computer worms and viruses. Additionally, opening spam e-mail could leave

you vulnerable to spoofing, where a spammer gains the ability to send more of this junk e-mail through your account. Information Warfare More complex and far-reaching than the crimes above, information warfare involves large-scale attacks on computers, websites, and networks. Jamming or hijacking a satellite or phone network, which can be done through computers, is one example of information warfare. Hijacked computers can then be turned into zombies that spread malicious code, or paralyze a website by repeatedly trying to gain accesswhats known as a DDoS attack. DDoS stands for distributed denial of service, and is basically the use of many computers to swamp a targeted website so that it cannot operate [4]. Also various other small or rare forms of cyber crime are highlighted in the following [5]. Against Individuals: Pestering via e-mails. Cyber-stalking. Distribution of obscene material. Insult. Illegal control over computer system. Offensive exposure Email spoofing Cheating & Fraud Against Individual Property: Computer vandalism. Transmitting virus. Unofficial access over computer system. Logical Property crimes Internet time thefts

Against Private Organization: Unauthorized control/access over computer system Ownership of non permitted information. Distribution of pirated software etc.

Against government/nation: Cyber terrorism against the government organization. Against Society at large: i. ii. Pornography (basically child pornography). Polluting the youth through coarse exposure.

iii. Trafficking iv. Monetary crimes v. Sale of illegal articles vi. Online betting/gambling vii. Forgery

2.5 The Top 10 Kinds of Cybercriminals

The digital era has its own cast of evil characters, and while they may not have a pirate's swagger or a train robber's dash, they certainly do pose a challenge to people who would like to keep the cyber world a safe place for entertainment, information and business. Here in the following I have present information regarding ten kinds of Cybercriminals. 1. Malware Authors: These are the guys who write and distribute viruses, worms, Trojan horses and other bits of digital nastiness. They force people and businesses to spend huge sums of money on anti-malware technologies that rob systems of their power and performance. Malware authors are the scum of the earth but you already knew that. 2. Phishers: Your bank account is about to expire and you must immediately update your information. Not really: It's just another low-life phisher trying to steal your personal

information and, most likely, your identity, by directing you to a bogus Web site. The Anti-Phishing Working Group, an association of retailers and financial institutions focused on eliminating Web-based fraud, says it finds about 20,000 to 30,000 unique phishing Web sites each month. 3. Hoaxsters: Get any emails from Nigeria lately? How about an "urgent message" from a British lord? An overseas job offer, perhaps? In all of these cases, you were probably pitched some type of funds- transfer deal. But, as too many people have already learned, the only money that's ever transferred in these schemes is from the victim to the hoaxster. 4. Scammers: Your email inbox is probably full of scammers' handiwork, including offers for discount pharmaceuticals, time-shares, health foods, gadgets and the like. Send these guys your credit-card number or, worse yet, cash and all you'll receive in return is angst. 5. Online Loan Sharks: A six-figure loan with no collateral or income verification? Sure. And would you like some whipped cream and a cherry on top of that, too? Unlike scammers, online loan sharks promise to send you money. Unfortunately, the cyberbandit will ask for an up-front fee to "process the application," and that's the only money that will ever change hands. 6. Spammers: These guys are criminals in the sense that they steal your time. Unlike phishers, hoaxsters and other email abusers that intend to separate you from your personal information and/or money, spammers flood your email inbox with ads (for both legitimate and illegitimate products), political diatribes, jokes, dire warnings of supposedly pending laws and other gibberish. Spammers may not be the most dangerous cybercriminals, but they are certainly among the most annoying. Spammers also inflict a real financial cost by draining network bandwidth and forcing service providers, enterprises and many individual users to install expensive and often imperfect anti-spam technologies. 7. Auction Fraudsters: You were overjoyed when you won that Louis XVI gold clock on eBay. The euphoria subsided, however, when the clock arrived. The timepiece hardly resembled its online photo, looking more like an object that might grace the boardwalk at

Coney Island than the Palace of Versailles. Oh well, at least you received something, which is more than many victims of auction fraudsters can claim. 8. Bogus Prize Promoters: "Congratulations, you've won the Fredonia National Lottery." All you've really won, of course, is a chance to be hung up and fleeced as the "lottery officials" engage you in a complex scheme involving up-front fees and bogus checks. 9. Media Pirates: Who needs iTunes when you can just swipe a song or video off of LimeWire or another P2P (peer-to-peer) file-sharing service? Nobody gets hurt, right? Well, nobody but the people who worked hard to create the media. Your conscience might take a beating, too. 10. Social Parasites: Social-networking sites, instant-messaging networks, online dating services and Web classifieds are full of them: people who pretend to be someone they're not. Some of these characters target naive and vulnerable people to swindle them out of their money. Other parasites impersonate people, such as celebrities, in a sad attempt to smear their reputation or grab a small piece of glory. In either case, social parasites are a scourge of Internet society [6].

2.6 Reasons for Cyber Crimes

The Concept of Law has said that the Human Beings are Vulnerable so rule of law is required to protect them. Applying this to the Cyberspace, we may say that computers are vulnerable so rule of law is required to protect and safeguard them against the Cyber Crime. The reasons for the vulnerability of computers may be said to be: Capacity to store data in comparatively small space The computer has unique characteristic of storing data in a very small space. This affords to remove or derive information either through physical or virtual medium makes it much easier. Easy to access- The problem encountered in guarding a computer system from unauthorized access is that there is every possibility of breach not due to human error but due to the complex technology. By secretly implanted logic bomb, key loggers that can steal access

codes, advanced voice recorders; retina imagers etc. that can fool biometric systems and even bypass firewalls can also be utilized to get past many a security system. Easy to access The problem encountered in guarding a computer system from unauthorized access is that there is every possibility of breach not due to human error but due to the complex technology. By secretly implanted logic bomb, key loggers that can steal access codes, advanced voice recorders; retina imagers etc. that can fool biometric systems and bypass firewalls can be utilized to get past many a security system. Complex The computers work on operating systems and these operating systems in turn are composed of millions of codes. Human mind is fallible and it is not possible that there might not be a lapse at any stage. The cyber criminals take advantage of these lacunas and penetrate into the computer system. Negligence Negligence is very closely connected with human conduct. It is therefore very probable that while protecting the computer system there might be any negligence, which in turn provides a Cyber Criminal to gain access and control over the computer system. Loss of evidence Loss of evidence is a very common & obvious problem as all the data are routinely destroyed. Further collection of data outside the territorial extent also paralyses this system of Crime Investigation [7].

2.7 Whos committing these crimes?

Most of them are between 29 and 49 years old, and three-quarters are male. They work in organized groups, half of which have six or more members. And they live all over the world, but especially in Asia, notably China and Indonesia.

Thats according to online payments company Jumio one of the companies that Facebook founder Eduardo Saverin has invested in. Jumio has put together an info graphic highlighting who is attacking companies and people. To do what they do, cyber criminals need access to the interwebs. That means Internet service providers and website hosting providers are critical, and most of the ones criminals work through are based in Russia and China. This wont make victims of identity theft, hacking, or online fraud feel any better, but only 0.0019 percent of cybercrimes in the U.S. in 2010 were tried in court and saw the hackers convicted [8]. Heres all the data, in visual form are shown in the appendix-1.

2.8 Victims of Cybercrime

In general, victims of cybercrime are: Desperados and greedy people Gullible Unskilled and Inexperienced Unlucky people

2.9 Effects of Cyber Crime

Cyber crime affects more than the financial integrity of a business. There are many very real and damaging consequences associated with Internet crime. Understanding the effects of cyber crime is an important first step in comprehending the necessity of security measures on a computer network. Loss of Revenue One of the main effects of cyber crime on a company is a loss of revenue. This loss can be caused by an outside party who obtains sensitive financial information, using it to withdraw funds from an organization. It can also occur when a business's e-commerce site becomes

compromised--while inoperable, valuable income is lost when consumers are unable to use the site. Wasted Time Another major effect or consequence of cyber crime is the time that is wasted when IT personnel must devote great portions of their day handling such incidences. Rather than working on productive measures for an organization, many IT staff members spend a large percentage of their time handling security breaches and other problems associated with cyber crime. Damaged Reputations In cases where customer records are compromised by a security breach associated with cyber crime, a company's reputation can take a major hit. Customers whose credit cards or other financial data become intercepted by hackers or other infiltrators lose confidence in an organization and often begin taking their business elsewhere. Reduced Productivity Due to the measures that many companies must implement to counteract cyber crime, there is often a negative effect on employees' productivity. This is because, due to security measures, employees must enter more passwords and perform other time-consuming acts in order to do their jobs. Every second wasted performing these tasks are a second not spent working in a productive manner [9].

2.10 Impacts of Cyber-Crime

Lunda Wright, a legal researcher specializing in digital forensic law at Rhodes University, has an interesting research finding on a blog posted in October 2005. It states that there has been an increased rate of prosecutions of cyber-criminals. There has been an increased clamping down on cyber-piracy related to the film and music works. There are novel lawsuits and strategies for litigation. There is a greater dependence on the skills of computer forensic experts in corporations and government. Finally, there is an increase in inter-government cooperative efforts.

Organized crime groups are using the Internet for major fraud and theft activities. There are trends indicating organized crime involvement in white-collar crime. As criminals move away from traditional methods, internet-based crime is becoming more prevalent. Internet-based stock fraud has earned criminals millions per year leading to loss to investors, making it a lucrative area for such crime. Police departments across the nation validate that they have received an increasing number of such crimes reported in recent years. This is in sync with the national trend resulting from increased computer use, online business, and geeky sophisticated criminals. In the year 2004, cyber-crime generated a higher payback than drug trafficking, and it is set to grow further as the use of technology expands in developing countries. Scott Borg, director of the U.S. Cyber Consequences Unit, an agency supported by the U.S. Department of Homeland Security, recently indicated that denial-of-service attacks wont be the new wave of future. The worms, viruses are considered not quite matureas compared to the potential of attacks in future [10]. Potential Economic Impact The 2011 Norton Cyber crime disclosed that over 74 million people in the United States were victims of cyber crime in 2010. These criminal acts resulted in $32 billion in direct financial losses. Further analysis of this growing problem found that 69 percent of adults that are online have been victims of cyber crime resulting in 1 million cyber crime victims a day. Many people have the attitude that cyber crime is a fact of doing business online. As todays consumer has become increasingly dependent on computers, networks, and the information these are used to store and preserve, the risk of being subjected to cyber-crime is high. Some of the surveys conducted in the past have indicated as many as 80% of the companiessurveyed acknowledged financial losses due to computer breaches. The approximate number impacted was $450 million. Almost 10% reported financial fraud. Each week we hear of new attacks on the confidentiality, integrity, and availability of computer systems. This could range from the theft of personally identifiable information to denial of service attacks. As the economy increases its reliance on the internet, it is exposed to all the threats posed by cyber-criminals. Stocks are traded via internet, bank transactions are performed via internet,

purchases are made using credit card via internet. All instances of fraud in such transactions impact the financial state of the affected company and hence the economy. The disruption of international financial markets could be one of the big impacts and remains a serious concern. The modern economy spans multiple countries and time zones. Such interdependence of the world's economic system means that a disruption in one region of the world will have ripple effects in other regions. Hence any disruption of these systems would send shock waves outside of the market which is the source of the problem. Productivity is also at risk. Attacks from worms, viruses, etc take productive time away from the user. Machines could perform more slowly; servers might be in accessible, networks might be jammed, and so on. Such instances of attacks affect the overall productivity of the user and the organization. It has customer service impacts as well, where the external customer sees it as a negative aspect of the organization. In addition, user concern over potential fraud prevents a substantial cross-section of online shoppers from transacting business. It is clear that a considerable portion of e-commerce revenue is lost due to shopper hesitation, doubt, and worry. These types of consumer trust issues could have serious repercussions and bear going into more detail [10]. Impact on Market Value The economic impact of security breaches is of interest to companies trying to decide where to place their information security budget as well as for insurance companies that provide cyberrisk policies. For example, a ruling in favor of Ingram. Micro stated that physical damage is not restricted to physical destruction or harm of computer circuitry but includes loss of use and functionality. This new and evolving view of damage becomes even more important as many firms rely on information systems in general and the Internet in particular to conduct their business. This precedent may force many insurance companies to compensate businesses for damage caused by hacker attacks and other security breaches. As the characteristics of security breaches change, companies continually reassess their IS environment for threats. In the past, CIOs have relied on FUDfear, uncertainty, and doubt to promote IS security investments to upper management. Recently, some insurance companies created actuarial tables that they believe provide ways to measure losses from computer interruptions and hacker attacks. However, these estimates are questionable mostly due to the lack of historical data. Some

industry insiders confess that the rates for such plans are mostly set by guesswork. As cited in: These insurance products are so new, that the $64,000 question is: Are we charging the right premium for the exposure? Industry experts cite the need for improved return on security investment (ROSI) studies that could be used by insurance companies to create hacking insurance, with adjustable rates based on the level of security employed in the organization and by the organization to justify investments in security prevention strategies. Depending on the size of the company, a comprehensive assessment of every aspect of the IS environment may be too costly and impractical. IS risk assessment provides a means for identifying threats to security and evaluating their severity. Risk assessment is a process of choosing controls based on the probabilities of loss. In IS, risk assessment addresses the questions of what is the impact of an IS security breach and how much will it cost the organization. However, assessing the financial loss from a potential IS security breach is a difficult step in the risk assessment process for the following reasons: 1. Many organizations are unable or unwilling to quantify their financial losses due to security breaches. 2. Lack of historical data. Many security breaches are unreported. Companies are reluctant to disclose these breaches due to management embarrassment, fear of future crimes, and fear of negative publicity. Companies are also wary of competitors exploiting these attacks to gain competitive advantage. 3. Additionally, companies maybe fearful of negative financial consequences resulting from public disclosure of a security breach. Previous research suggests that public news of an event that is generally seen as negative will cause a drop in the firms stock price. Risk assessment can be performed using traditional accounting based measures such as the Return on Investment (ROI) approach. However, ROI cannot easily be applied to security investments. To justify investment in IS security, CIOs will need to (1) present evidence that the costs of a potential IS security problem outweigh the capital investment necessary to acquire such a system and, (2) prove the expectation that the IS security systems return on investment will equal or exceed that of competing capital investment opportunities. This is difficult to accomplish since if the security measures workthe number of security incidents are low and there are no measurable returns. Accounting-based measures such as ROI are also limited by the lack of time and resources necessary to conduct an accurate assessment of financial loss. Instead,

companiesIT resources are devoted to understanding the latest technologies and preventing future security threats. In addition, potential intangible losses such as loss of competitive advantage that result from the breach and loss of reputation are not included because intangible costs are not directly measurable. Therefore, there is a need for a different approach to assess the risk of security breaches. One such approach is to measure the impact of a breach on the market value of a firm. A market value approach captures the capital markets expectations of losses resulting from the security breach. This approach is justifiable because often companies are impacted more by the public relations exposure than by the attack itself. Moreover, managers aim to maximize a firms market value by investing in projects that either increase shareholder value or minimize the risk of loss of shareholder value. Therefore, in this study we elected to use market value as a measure of the economic impact of security breach announcements on companies. In the following section we define a security breach as an unexpected event and discuss the characteristics of DOS attacks [10]. Impact on Consumer trust Since cyber-attackers intrude into others space and try and break the logic of the page, the end customer visiting the concerned page will be frustrated and discouraged to use the said site on a long term basis. The site in question is termed as the fraudulent, while the criminal masterminding the hidden attack is not recognized as the root cause. This makes the customer lose confidence in the said site and in the internet and its strengths. According to reports sponsored by the Better Business Bureau Online, over 80% of online shoppers cited security as a primary worry when conducting business over the Internet. About 75% of online shoppers terminate an online transaction when asked for the credit card information. The perception that the Internet is rife with credit card fraud and security hazards is growing. This has been a serious problem for e-commerce. Complicating the matter, consumer perceptions of fraud assess the state to be worse than it actually is. Consumer perception can be just as powerful - or damaging - as fact. Hence usersconcerns over fraud prevent many online shoppers from transacting business. Concern over the credibility of an e-business in terms of being unsafe or cluttered makes a shopper reluctant to

transact business. Even the slightest perception of security risk or amateurish commerce seriously jeopardizes potential business [10]. Areas Ripe for Exploitation: National Security Modern military of most of the countries depends heavily on advanced computers. Information Warfare, or IW, including network attack, exploitation, and defense, isn't a new national security challenge, but since 9/11 it has gained some additional importance. IW appeals because it can be low-cost, highly effective and provide deniability to the attacker. It can easily spread malware, causing networks to crash and spread misinformation. Since the emphasis is more on noninformation warfare, information warfare is definitely ripe for exploration. The Internet has 90 percent junk and 10 percent good security systems. When intruders find systems that are easy to break into, they simply hack into the system. Terrorists and criminals use information technology to plan and execute their criminal activities. The increase in international interaction and the wide spread usage of IT has facilitated the growth of crime and terrorism. Because of the advanced communication technology people need not be in one country to organize such crime. Hence terrorists and criminals can find security loopholes in the system and can function from unusual locales instead of their country of residence. Most of such crimes have been originating in developing countries. The wide spread corruption in these countries fuel these security hacks. The internet has helped fund such crimes by means of fraudulent bank transactions, money transfer etc. Greater encryption technology is helping these criminal activities [10].

Chapter 3:

Methodology of the study

3.1 Site Selection

The topic chosen for the assignment is Internet Challenges on Cyber crimes & Abuses.

3.2 Country Map

Figure 1: Country City Map.

3.3 Data Collection

All the data and information which is related to my task was collected from secondary source.

3.4 Data Analysis

I use Microsoft Word and Microsoft PowerPoint to prepare this assignment.

Chapter 4: Law enforcement & Preventive action against Cyber crime

4.1 International Cybercrime laws &countermeasures

4.1.1Technical There are a variety of different technical countermeasures that can be deployed to thwart cybercriminals and harden systems against attack. Firewalls, network or host based, are considered the first line of defense in securing a computer network by setting Access Control Lists (ACLs) determining which what services and traffic can pass through the check point. Antivirus can be used to prevent propagation of malicious code. Most computer viruses have similar characteristics which allow for signature based detection. Heuristics such as file analysis and file emulation are also used to identify and remove malicious programs. Virus definitions should be regularly updated in addition to applying operating system hot fixes, service packs, and patches to keep computers on a network secure. Cryptography techniques can be employed to encrypt information using an algorithm commonly called a cipher to mask information in storage or transit. Tunneling for example will take a payload protocol such as Internet Protocol (IP) and encapsulate it in an encrypted delivery protocol over a Virtual Private Network (VPN), Secure Sockets Layer (SSL), Transport Layer Security (TLS), Layer 2 Tunneling Protocol (L2TP), Point-to-Point Tunneling Protocol (PPTP), or Internet Protocol Security (IPSec)to ensure data security during transmission. Encryption can also be employed on the file level using encryption protocols like Data Encryption Standard (DES), Triple Data Encryption Algorithm (3DES), or Advanced Encryption Standard (AES) to ensure security of information in storage. Additionally, network vulnerability testing performed by technicians or automated programs can be used to test on a full-scale or targeted specifically to devices, systems, and passwords used on a network to assess their degree of secureness. Furthermore network monitoring tools can be used to detect intrusions or suspicious traffic on both large and small networks. Physical deterrents such as locks, card access keys, or biometric devices can be used to prevent criminals from gaining physical access to a machine on a network. Strong password protection both for access to a computer system and the computer's BIOS are also effective countermeasures to against cyber-criminals with physical access to a machine [11].

4.1.2 Economic The optimal level of cyber-security depends largely on the incentives facing providers and the incentives facing perpetrators. Providers make their decision based on the economic payoff and cost of increased security whereas perpetrators decisions are based on the economic gain and cost of cyber-crime. Potential prisoners dilemma, public goods, and negative externalities become sources of cyber-security market failure when private returns to security are less than the social returns. Therefore the higher the ratio of public to private benefit the stronger the case for enacting new public policies to realign incentives for actors to fight cyber-crime with increased investment in cyber-security [11]. 4.1.3 Legal There are several laws and regulation are adopt internationally. Some of them are discuss in the following: The Computer Fraud and Abuse Act The Computer Fraud and Abuse Act passed in 1986 is one of the broadest statutes in the US used to combat cyber-crime. It has been amended a number of times, most recently by the US Patriot Act of 2002 and the Identity theft enforcement and Restitution Act of 2008. Within it is the definition of a protected computer used throughout the US legal system to further define computer espionage, computer trespassing, and taking of government, financial, or commerce information, trespassing in a government computer, committing fraud with a protected computer, damaging a protected computer, trafficking in passwords, threatening to damage a protected computer, conspiracy to commit a cyber-crime, and the penalties for violation. The 2002 update on the Computer Fraud and Abuse Act expands the act to include the protection of information from any protected computer if the conduct involved an interstate or foreign communication. The Digital Millennium Copyright Act The Digital Millennium Copyright Act passed in 1998 is a United States copyright law that criminalizes the production and dissemination of technology, devices, or services intended circumvent Digital Rights Management (DRM), and circumvention of access control.

The Electronic Communications Privacy Act The Electronic Communications Privacy Act of 1986 extends the government restrictions on wiretaps from telephones. This law is generally thought in the perspective of what law enforcement may do to intercept communications, but it also pertains to how an organization may draft their acceptable use policies and monitor communications. The Stored Communications Act The Stored Communications Act passed in 1986 is focused on protecting the confidentiality, integrity and availability of electronic communications that are currently in some form of electronic storage. This law was drafted with the purpose of protecting the privacy of e-mails and other electronic communications. Identity Theft and Aggravated Identity Theft The Identity Theft and Aggravated Identity Theft statute is a subsection of the Identification and Authentication Fraud statute. It defines the conditions under which an individual has violated identity theft laws. Internet Spyware Prevention Act The Internet Spyware Prevention Act (I-SPY) prohibits the implementation and use of spyware and adware. I-SPY also includes a sentence for intentionally accessing a computer with the intent to install unwanted software. CAN-SPAM Act The CAN-SPAM Act of 2003 establishes the United States' first national standards for the sending of commercial e-mail and requires the Federal Trade Commission (FTC) to enforce its provisions. Wire Fraud Statute The Wire fraud statute outlined in 18 U.S.C. 1343 applies to crimes committed over different types of electronic medium such as telephone and network communications [11].

4.1.4 Behavioral Behavioral countermeasures can also be an effective tool in combating cyber-crime. Public awareness campaigns can educate the public on the various threats of cyber-crime and the many methods used to combat it. It is also here that businesses can also make us of IT policies to help educate and train workers on the importance and practices used to ensure electronic security such as strong password use, the importance of regular patching of security exploits, signs of phishing attacks and malicious code, etc. California, Virginia, and Ohio have implemented services for victims of identity theft, though not well publicized. California has a registry for victims with a confirmed identity theft. Once registered, people can request law enforcement officers call a number staffed 24 hours, year round, to "verify they are telling the truth about their innocence. In Virginia and Ohio, victims of identity theft are issued a special passport to prove their innocence. However, these passports run the same risk as every other form of identification in that they can eventually be duplicated. Financial agencies such as banks and credit bureaus are starting to require verification of data that identity thieves cannot easily obtain. This data includes users past addresses and income tax information. In the near future, it will also include the data located through use of biometrics. Biometrics is the use of automated methods for uniquely recognizing humans based upon intrinsic physical or behavioral traits. These methods include iris scans, voice identification, and fingerprint authentication. The First Financial Credit Union has already implemented biometrics in the form of fingerprint authentication in their automated teller machines to combat identity theft. With a similar purpose, Great Britain has announced plans to incorporate computer chips with biometric data into their passports. However, the greatest problem with the implementation of biometrics is the possibility of privacy invasion [11].

4.2 Cybercrime Law and Scenario in Bangladesh

In 2008 a petty hacker of Bangladesh named Shahi Mirza hacked the RABs website. Moreover he confessed to police that not only RABs website but also other national govt. and non govt. and international site had been hacked by him for a long time. Totally he hacked 21 website

together with Armys website. So it is clear to us that the cyberspace of Bangladesh is not secured. Today the cyber criminals enter into the computer system or network with their talents, sufficient and special higher knowledge and technique neglecting legal process. That is why they cause great harm or loss to individuals and state by theft of important and private information by selling that information by theft of bank accounts money by transferring civil information to the opponent party. There are some laws regarding this but the cyber crime is not controlled. Recently the Bangladesh ICT Act-2006 has added to the list. Its some sections was amended in 2009 where as the highest punishment is 10 years imprisonment or find up to 1 crore. Though this Act is not sufficient to prevent the cyber crime. Then everyday should have knowledge about that act and penalty. On the other hand the govt and concerned authority should continuously amend this law. Because some harm derived from cyber crimes is beyond the crore money which encourage the cyber criminals. To define and amend certain parts of law relating to legal recognition and security of information and communication technology and related matters the Information and Communication Technology Act- 2006 was enacted. According to the ICT Act the cybercrime shall be treated as non cognigible offence that is why the police cant arrest the criminals without warrant except some cases. Chapter eight section 54 to 67 of the ICT Act 2006 describe the cybercrimes both civil and criminal matters. The followings shall be treated as crime: Unauthorized copying, extracting and downloading of any data, database. Introduction of virus. Damage and disruption to computer system and computer network. Denial of access to authorized person to computer. Providing assistance to make possible to commit to crime. Hacking with computer system. Tampering computer source documents. Electronic forger for the purpose of cheating and harming reputation. Using a forged Electronic record.

Publication of digital signature certificate for the fraudulent purpose. Confiscation of computer, network etc. Publication of information which is obscene in electronic form. Misrepresentation and suppressing material facts for obtaining digital signature certificate. Breach of confidentiality and privacy. Publishing false digital signature certificate.

If any person does any crime under section 54 of the ICT Act 2006 he will be given penalty of maximum 10 years rigorous imprisonment or fined up to 10 lacs taka or for the both of above. If any person does any crime under section 55 he will be given penalty of maximum 3years imprisonment or fined up to 3 lacs taka or with both. Whoever commits hacking under this act shall be punished of maximum 3 years imprisonment or fined up to 1 crore taka or with both. Whoever commits such crime under section 57 of this act shall be punished of maximum 10 years imprisonment or fined up to 1 crore taka or with both. Penalty for failure to surrender license is 6 month imprisonment or fined up to 10 thousand taka or with both. Penalty for failure to comply with order made by the controller is maximum 1 years imprisonment or fined up to 1 lacs taka or with both. Penalty for violation of the order of the controller in emergency period is maximum 5 years or fined up to 5 lacs or with both. Punishment for unauthorized access to protected system is the maximum 10 years or fined up to 10 lacs or with both. Penalty for false representation and hiding information is maximum 2 years imprisonment or fined up to 2 lacs or with both. Penalty for discloser of confidentiality and privacy is maximum 2 years imprisonment or fined up to 2 lacs or with both. Punishment for publishing false digital signature certificate is maximum 2 years imprisonment or fined up to 2 lacs or with both. Penalty for Publication of digital signature certificate for the fraudulent purpose is maximum 2 years imprisonment or fined up to 2 lacs or with both [12].

4.3 In recent times Bangladesh constituted Cyber Crime Tribunal

The government of Bangladesh on Tuesday announced it constituted a Cyber Crime Tribunal while works are underway to toughen related laws as part of a series of steps to prevent abuse or defamation of religion in the Internet. "We are amending both the Right to Information Act and the Penal Code toughening punitive measures for hurting the peoples religious sentiments," Law Minister Barrister Shafique Ahmed told a press conference also joined by Home Minister Mahiuddin Khan Alamgir and two state ministers. He added that tough actions also awaited against elements, which carried out a campaign that a human chain protest was staged demanding release of 1971 war crime convict Delwar Hossain Sayedee at the Holy Kaba, showing a picture which actually was a photograph framing the process of change of a "Gilaf" at the holy site. Shafique told the press conference that the government constituted the country's first ever Cyber Crime Tribunal appointing a judge in the capital while a process was underway to set up identical special courts at divisional cities including Chittagong. Alamgir said a government committee comprising two Islamic scholars was constituted to identify websites, which were either exploiting or defaming the religion while three people were arrested already in line with their recommendations. The existing 2006 Right to Information Act prescribed 10 years of imprisonment and penalty up to Taka 1 crore for hurting people's religious sentiments using Internet while the century old Penal Code suggests two years of imprisonment alongside penalty for defaming religion and hurting the people's religious sentiment. The law minister told the press conference that the government was examining ways to toughen both the laws alongside their stringent enforcement. Bangladesh authorities earlier banned the Youtube to prevent the viewing of a defamatory video insulting Prophet Hazrat Mohammad (SM) which earlier sparked worldwide protests in late 2012.

In February this year they closed 12 blogs and Facebook pages for carrying out "malicious publicity" by suspected Islamists amid an intensified nationwide campaign against their stalwarts for 1971 war crimes siding with Pakistani troops. But the mostly fundamentalist Jamaat-e-Islami (JI) and several other Islamist outfits have been alleging that young "anti-Islamic bloggers" were defaming Islam and Prophet Hazrat Mohammad (SM). The young bloggers initiated a massive street campaign enforcing a round the clock vigil at Dhaka's Shahbagh Square for over a month from February this year demanding toughest punishment for perpetrators of 1971 "crimes against humanity" siding with Pakistani troops in the name of protecting Islam [13].

4.4 Unique Challenges on Cyber crimes & Abuses

The nature and particular features of electronic crime will pose new and unique challenges for Investigators, because of: Anonymity; Global reach (including issues of jurisdiction, disparate criminal laws and the potential for large scale victimization). The speed at which crimes can be committed; The potential for deliberate exploitation of sovereignty issues and cross-jurisdictional differences by criminals and organized crime; The volatility or transient nature of evidence, including no collateral or forensic evidence such as eyewitnesses, fingerprints or DNA; and The high costs of investigations, which will often be complex and multi-jurisdictional. Enforcing the law in cyberspace presents significant challenges, particularly in view of rapid technological change. Some of the challenges include: Bridging multi-jurisdictional boundaries;

Retaining and preserving evidence; Acquiring appropriate powers; Decoding encryption; Proving identity; Knowing where to look for evidence; Tackling the tools of crime and developing tools to counter crime; Rethinking the costs and priorities of investigation; Responding to crime in real time; Coordinating investigative activities; Improving training at all levels of the organization; Developing strategic partnerships and alliances; Improving the reporting of electronic crime; Enhancing the exchange of information and intelligence; Acquiring, developing and retaining specialist staff; and Avoiding tech-lag (or ensuring access to cutting edge technology). One of the biggest policy issues for government will be how to deal with the anonymity of the Internet [14].

4.5 Digital era poses new security challenges for Bangladesh

The trend, experts say, points to a new spectrum of challenges facing law enforcement as more and more Bangladeshis become wired into digital networks.

According to official statistics, nearly 4% of Bangladeshis use broadband internet service while over 48% use cell phones to go online. Currently, there are over 100 million cell phone users in the country, accounting for two-thirds of the total population. The number of internet users is rising every day and so is cybercrime," Muhammad Zamir, Bangladesh's Chief Information Commissioner, told Khabar South Asia. "It is high time we take appropriate measures to deal with the issue urgently." But legal experts warn the government's ability to fight cybercrime is hampered by the lack of appropriate tools and legislation. "Limitation of existing laws on the one hand and the lack of expertise on the part of the law enforcement personnel on the other are the main obstacles to fighting cybercrime," Hafizur Rahman, a law professor at Dhaka University, told Khabar. Mohammad Sohail, director of Media and Law of the elite Rapid Action Battalion (RAB), said there has been a surge in sexual exploitation of girls through internet in recent years and "we're having trouble dealing with the problem through existing law." "Even five years ago, we didn't think much about child pornography. But now we receive so many complaints," Sohail told Khabar, adding, "We should have specific law to deal with the issue [15]."

4.6 'IT is crucial to country's future'

Some say a special tribunal should be established to handle cybercrime. Technology experts, however, warn that such a body could abuse its power and hamper the spread of information technology in Bangladesh. Even with the attendant risks, they say, such growth is critical to the country's social and economic development. "There's definitely a positive impact of spreading information technology to every nook and cranny of Bangladesh and we should be genuinely concerned about the surge in cybercrime," Mostafa Jabbar, a leading information technology expert, told Khabar. "We must not punish the technology but make sure that we catch those criminals who are using the technology to commit the crime," he added.

Bangladesh must do all it can "to spur the growth of information technology in order to advance our economic and social empowerment," said Jabbar, who first introduced a Bengali keyboard in Bangladesh [15].

4.7 Some steps to protecting yourself against Cyber Crime

Now that you know about the various frauds that are prevalent on the Internet and have looked at the relevant laws, you might be wondering what you can do to protect yourself. There are several specific steps you can take to minimize the chances of being the victim of Internet crime. There are also some clear guidelines on how you should handle the situation, should you become a victim [16]. 4.7.1 Protecting against Investment Fraud To protect yourself against investment fraud, follow these guidelines: 1. Only invest with well-known, reputable brokers. 2. If it sounds too good to be true, then avoid it. 3. Ask yourself why this person is informing you of this great investment deal. Why would a complete stranger decide to share some incredible investment opportunity with you? 4. Remember that even legitimate investment involves risk, so never invest money that you cannot afford to lose [16]. 4.7.2 Protecting against Identity Theft When the issue is identity theft, your steps are clear: 1. Do not provide your personal information to anyone if it is not absolutely necessary. This rule means that when communicating on the Internet with anyone you do not personally know, do not reveal anything about yourself; not your age, occupation, real name, nothing. 2. Destroy documents that have personal information on them. If you simply throw away bank statements and credit card bills, then someone rummaging through your trash can get a great deal of personal data. You can obtain a paper shredder from an office supply store or many retail

department stores for less than $20. Shred these documents before disposing of them. This rule may not seem like it is related to computer security, but information gathered through nontechnical means can be used in conjunction with the Internet to perpetrate identity theft. 3. Check your credit frequently. Many websites, including www.consumerinfo.com, allow you to check your credit and even get your beacon score for a nominal fee. I check my credit twice per year. If you see any items you did not authorize, that is a clear indication that you might be a victim of identity theft. 4. If your state has online driving records, then check yours once per year. If you see driving infractions that you did not commit, this evidence is a clear sign that your identity is being used by someone else. In an upcoming chapter on cyber detective work, we will explore in detail how to obtain such records online, often for less than $5. To summarize, the first step in preventing identity theft is restricting the amount of personal information you make available. The next step is simply monitoring your credit and driving records so that you will be aware if someone attempts to use your identity. Another part of protecting your identity is protecting your privacy in general. That task means preventing others from gaining information about you that you dont explicitly provide them. That preventative method includes keeping websites from gathering information about you without your knowledge. Many websites store information about you and your visit to their site in small files called cookies. These cookie files are stored on your machine. The problem with cookies is that any website can read any cookie on your machine, even ones that the website you are currently visiting did not create. So if you visit one website and it stores items like your name, the site you visited, and the time you where there, then another website could potentially read that cookie and know where you have been on the Internet. One of the best ways to stop cookies you dont want is anti-spyware software. We will discuss such software in more detail in a later chapter. Right now, lets see how to change your Internet settings to help reduce exposures to your privacy [16].

4.7.3 Secure Browser Settings If you are using Microsoft Internet Explorer, you can go to Tools and use the drop-down menu; then select Options. You will then see a screen much like the one shown in Figure 3.1. You can then select the third tab, labeled Privacy.

Figure 2.1: Internet Explorer options. When you select that Privacy tab, you will see the screen shown in Figure 3.2. Notice the sliding bar on the left that lets you select various levels of general protection against cookies. It is recommended that you select Medium High as your level.

Figure 2.2: Internet Explorer privacy options.

Note the Advanced button at the bottom of the screen. This button allows you to block or allow individual websites from creating cookies on your computers hard drive. Altering cookie settings on your machine is just one part of protecting your privacy, but it is an important part. You probably also want to ensure that you have selected the In Private browsing option, also shown in Figure 3.2. If you are working with Firefox, the process is similar. You select Tools from the drop-down menu, then select Options. You will then see the screen shown in Figure 3.3.

Figure 2.3: Firefox options. Notice the Privacy option and you will see a screen much like the one shown in Figure 3.4.

Figure 2.4: Firefox privacy. As you can see from Figure 3.4, there are a number of privacy settings for you to select, and they are self-explanatory. You can also select the Security tab and see the screen in Figure 3.5.

Figure 2.5: Firefox security.

I recommend selecting High Security. Also, I would only allow first-party cookies. Third-party cookies are notorious for behaving in ways that violate user privacy. We will discuss cookies and spyware in much more detail in a later chapter, but the simple steps just examined can go a long way toward helping to secure your privacy. Dealing with auction fraud involves a different set of precautions; here are four good ideas. 1. Only use reputable auction sites. The most well-known site is eBay, but any widely known, reputable site will be a safer gamble. Such auction sites tend to take precautions to prevent fraud and abuse. 2. If it sounds too good to be true, dont bid. 3. Some sites actually allow you to read feedback other buyers have provided on a given seller. Read the feedback, and only work with reputable sellers. 4. When possible use a separate credit card, one with a low limit, for online auctions. That way, should your credit card be compromised, your liability is limited. Using your debit card is simply inviting trouble. Online auctions can be a very good way to get valuable merchandise at low prices. However one must exercise some degree of caution when using these services. Protecting yourself from online harassment also has its own guidelines: 1. If you use chat rooms, discussion boards, and so forth, do not use your real name. Set up a separate email account with an anonymous service, such as Yahoo!, Gmail, or Hotmail. Then use that account and a fake name online. This makes it very hard for an online stalker to trace back to you personally. 2. If you are the victim of online harassment, keep all the emails in both digital and printed format. Use some the investigative techniques we will explore later in this book to try and identify the perpetrator. If you are successful, then you can take the emails and the information on the perpetrator to law enforcement officials.

3. Do not, in any case, ignore cyber stalking. According to the Working to Halt Online Abuse website, 19% of cyber stalking cases escalate to stalking in the real world. It is not the intent of this chapter or of this book to make you frightened about using the Internet. My family routinely uses the Internet for entertainment, commerce, and informational purposes. One simply needs to exercise some caution when using the Internet [16].

Chapter 5: Recommendations & Conclusion

5.1 Recommendations
It is suggested that the offered recommendations are prioritized before going into action. Following recommendations are being offered:

The people of Bangladesh are not so much concern about the Cyber crimes, so that they sometimes store or provide their valuable information without strong privacy setup. So the Government should take proper steps to make aware people about the Cybercrimes and Abuses. Government of Bangladesh should established regulatory agencies against Cyber crimes. Clear and self-explanatory Standard Operating Procedure to be imposed immediately for the Cybercrime Unit; A wide-ranging training program should be developed for all the concerns of Information and Communication Technology (ICT) and implement it as pilot basis; A separate Cybercrime Protection Act should be enacted;

We have to keep in mind that fighting against the Cybercrimes & criminals is not through the use of Bullet or weapon; we have to fight with them by using technology and by enforcing tough lows.

5.2 Conclusion:
Ability of human intelligence is unfathomable. It is impossible to get rid of cybercrime from the cyberspace. But quite possible is to check them. The past is the eyewitness that no legislation has succeeded in wholly to eliminating crime from the world. The only possible step is to make people aware of their rights and duties and making the application of the laws & regulation more stringent to check crime. Undoubtedly the Act is a historical step in the cyber world. It cannot be denied that changes in the Information Technology Act are also very important to make it more effective to fight cybercrime.

If we look upon the present situation of our country we easily notice that Cyber criminals play a leading role to create political instability. Cyber criminals through making fake identity & using fake picture or providing fake information hampering the religious of peoples of Bangladesh. They did these things easily because there is a lacking of low against Cybercrime. Ruling government desires to establish digitalize Bangladesh. The prerequisite of fulfilling vision 2021 is to ensure cyber safety measures. So to set up digital Bangladesh the concerned authority should give focus about the development, modification and most of all execution of cyber law.

Chapter 6:

References

[1] www.itu.int/.../reports/.../HIPCAR_1-5-A_Cybercrime_Assessment_R... [2] http://en.wikipedia.org/wiki/Cybercrime_and_countermeasures [3] http://www.legalserviceindia.com/articles/article+2302682a.htm [4]http://www.selectitschools.com/Articles/tabid/67/EntryId/3/Six-Common-Types-of-CyberCrime.aspx [5] https://sites.google.com/site/callingoffcybercrime/types-of-cyber-crime [6] http://www.itsecurity.com/features/top-10-cybercriminals-091007/ [7] http://anupgirdhar.net/?q=node/6 [8] http://venturebeat.com/2013/02/22/profile-of-a-cyber-criminal-infographic/ [9] http://www.ehow.com/about_5052659_effects-cyber-crime.html [10] http://www.ijera.com/papers/Vol2_issue2/AG22202209.pdf [11] http://en.wikipedia.org/wiki/Cybercrime_and_countermeasures [12] http://nilakas-duronto.blogspot.com/2011/04/cyber-law-and-its-weakness-bangladesh.html [13] http://www.dailyprimenews.com/details.php?id=8528 [14] http://www.cs.auckland.ac.nz/~john/NetSafe/Etter.pdf [15] http://khabarsouthasia.com/en_GB/articles/apwi/articles/features/2012/09/20/feature-02 [16]http://my.safaribooksonline.com/book/networking/security/9780132828284/chapter-3dotcyber-stalking-fraud-and-abuse/ch03lev1sec5 [17] http://www.scribd.com/doc/56666458/Cyber-Crime

Figure:
1. http://www.mafbangladesh.org/about-bangladesh.html

Appendices:

1. www.internwtworldstats.com 2. www.internetworldstats.com

Appendices

Appendices-1

Appendices-2