
Soft Criminals

A computer cannot recognize crimes, only zeros and ones. People cannot be classified into

good and bad. They change colours to good upon necessity and to bad upon opportunity. A

crime will happen only when the opportunity avails itself. Networking computers opens up a

plethora of opportunities for people. Information in computers flows like water but, unlike it,

in both directions as naturally. Restricting this flow makes productive use of it. People act

with tools available to them. The sharper the knife, the deeper the wound. Technologies are

morally neutral, until people apply them. “Intent” of a person is the factor to decide the act

committed.

Below are presented the viewpoints of different simulated characters to justify the actions

they do and a brief analysis of their actions.

Hacker’s Perspective

As I await my turn to list hobbies, hundreds of thoughts are running in my mind. Should I

tell Madame about it? What will she think? Can she comprehend? And if so, can she

appreciate it? “I like to paint”, Madame. “Good, what is your best painting?”; “Robin Hood”,

came the reply without a thought. He is the hero of my life and will be the one if I have to

paint. Back home, I pilot my aeroplane, my computer. Mom and Dad are scientists and are

in a lab, theirs is a love marriage.

As I finish checking mails, the daemon programs configured at startup get me the list of IIS

servers; and the boy at the store rings the door and delivers my chicken pizza. The

vulnerability that I have discovered in IIS allows me to get into the corporate Intranets.

There I leave a worm, similar to the Haiku, telling that Robin Hood has visited them. It has

already come up on the Internet and shall percolate to the media soon. There shall be a lot of

hype and the pursuit is thrilling. Soon they will discover it as a bug and will work on a fix,

and the software evolves, and so do I. This is my hobby and I am a hacker. Doing actions

without revealing identity is what I do, anonymity is the name of the game.

Hackers are highly intellectual people and mostly prodigies. They are benefactors of

evolution. There is also a certain ego satisfaction in identifying oneself as a hacker. Hacking

pursuits do not intend to condone damage on the systems that are hacked.

However, to err is human. After gaining control over a system, unintentional operations may

cause damage to the existing infrastructure. Loss could be accrued for which there is a

liability. The Indian Act discourages unauthorized access, a fraud prevention activity.

Intrusion detection software is evolving to detect fraud. A skilled intruder will avoid

extensive connection time on a victim machine at all costs. He will do this by disabling the

recording of operations into history files. Only when a file cannot be browsed or database queried

will a skilled intruder resort to file transfer.

System Administrator’s perspective

Experience is what we get when we do not get what we want. 5 years of experience did not

leave my table cleaner. System Administration is hard work rather than intelligent work.

Installing the same software on 50 machines makes it monotonous. And it is a thankless job

too. People come to doctors, police, lawyers and system administrators only when there is a

problem. My experience says that offences are committed due to negligence of users and

the entire network is in a soup.

People use passwords that are the same as the user name, some don’t, some share passwords

among colleagues, bosses divulge them to sincere subordinates, some shout them over.

Some companies have floppies on all systems and no restrictions at entry. This is due to

lack of security policy. Intellectual property is the main tangible asset of a company; it has

to be protected, whereas mostly it lies in the network, unencrypted and open to prying

eyes.

Systems have to be in place for prevention rather than detection. Chat clients like Yahoo,

MSN and ICQ reveal the IP address of the recipient over the Internet, which can further be

used to commit crimes. Virus Protection Software, Firewalls, Proxies and Gateways can be

erected but unless there is a change in attitude, there is a high probability of offences being

conducted. System Administration is everybody’s job.

Cyber Terrorist Leader’s Perspective

They have not captivated our heroes, but our spirit of freedom and happiness. They have

bombed our cities like we sow seeds in our farms. Now, the time has come for them to reap

the fruits of their actions. An email shall be sent at 11:45 PM today to all the network points

indicating the target EFT servers. That is the time when their business day gets started as

usual, but this day will be unusual for them. Once you get the command list, start the

attack. As soon as the task assigned to you is complete, send a confirmation mail. In case

of an incomplete task, send a void mail. The tasks at all domains shall be completed by 2

AM.

I advise you to have a peaceful sleep. The toil of sleepless nights is over. As the sun rises in

our region, it brings hope and freedom and by the time it sets in their region, will dawn their

money with technologies. They realize that money that went into the bytes can never be

reconverted. Our mission will be accomplished and our dreams fulfilled. Allah has sent us to

punish the wicked and so shall they not go unpunished, as we hit them where it hurts the

most. Jihaaad.

Distributed Denial of Service (DDoS) can mean more harm than what the name conveys.

Not only is unavailability of service the target of well-planned terrorists but a higher harm

can be contemplated. One country cannot by itself enact laws that comprehensively address

the problems of Internet offences without the cooperation from other countries. Never

before has it been so easy to commit an offence in one jurisdiction while hiding behind the

jurisdiction of another.

Employee’s perspective

Ours is one of the world’s leading MNCs. We develop state-of-the-art software. With

branches in 70 countries, we feel at home in any point of the globe. Most of the

communication, whether formal, semi-formal, supplier, vendor or the 360 degree one, is done

through emails. Each country’s office has a group id; a mail sent to it will be delivered

to all the personnel in that country. The HR and Management use this account to

communicate if there is any point prominent to make. Sometimes emotional professionals

use this to bid adieu to their colleagues.

Monday, the day of return to routines and I start checking the mails, sipping a cup of coffee,

as is our trend. A mail from our CEO, Umm! Are we making profits? And, astonishing

news. “Are you aware of the affair between Celina and Douglas? Do you think it is love?”

Holy Shit! Why will our CEO send such a mail? It is the act of some idiot. But who are these

Celina and Douglas? As these thoughts run on my mind, they run on the minds of all our

employees and soon it is known that they are the Project Manager and Software Engineer of

the product, “Zombie Protection System”. The V.P commissions them to his office and asks

them for an explanation of their acts that have resulted in such a mail, to which they reply

by submitting their resignation letters. The System Admin is called and he remains silent, as

he could not say, “It has been done, as it could be done”. Now my company cannot start

training sessions on professional ethics and policies on whistling, shouts the V.P in a fit of

temper.

Defamation, a cheap trick played by people who are jealous, is the cause of unnecessary

discussion and sometimes panic across the company.

Competition exists across companies producing similar items in the market. An E-commerce

site gives provision to its customers, while shopping, to select any Payment gateway among

the multiple gateways it supports. A Company corrupts its rival gateway by denial of

service. As transaction translates to money, it is a loss for the company not just in terms of

transaction failure, but loss of goodwill of the customer who never selects a failed payment

gateway for the next transaction.

Cracker’s Perspective

Crackers are never caught and those that are caught are not crackers, they are playing the

game in a silly manner. Some are real kiddies below 15. The police catch them and do not

know what to do with them. They are sympathized with, not to say admired, by society. A

cracker is always two steps ahead of the police and intrusion detection systems. He is

committing offences that have not yet been recorded in books.

SYN flood attacks, UDP flood attacks and ICMP flood attacks are old ways of doing things.

And there are people who get success using these techniques too. Not all have taken care to

protect their networks. And there are network security companies selling their software,

containing vulnerability analysis of known bugs and making a good business. They can

never know what the crackers do, as the new methods created by them to break the

networks have not yet been named.

History is full of stories of strong systems conquering the weaker ones. Rama listening to

Vibhishana hits Ravana in his weak point, and so does Bheema to Duryodhana, Drona to

Ekalavya and Yudhistira to Drona. So, for survival one always has to be better than his

enemy. There are five types of people in the world, people that make news, people that

write news, people that read news, people that ask what’s happening and people that are

not bothered. The fourth and fifth are always the target. Crackers belong to the first group.

Public Key Infrastructure, which is conceived as demi-god equivalent in terms of trust, also

has its weaknesses. They are compromise of the private key, compromise of the certifying

authority and breakage of the cryptographic algorithm. For any system all that the “ker”s do is

know the weakness and attack.

A cracker has a philosophy that is intoxicatingly convincing and a cracker will never say that

he is one. Strength and weakness are two corners of a scale with the world within. So is

good and bad. An offence has multi dimensional factors to scale. There are strong systems

and weak systems in the Internet. There are people with right intentions and wrong

intentions. Whenever a strong system is in the hands of wrong people or a good system in

a weak condition there is vulnerability.

HR Manager’s Perspective

Recruitment of IT professionals is on the rampage. The concept of a temporary job is

becoming permanent. This year new costs are expected from the HR field, apart from costs

of recruiting; that is the cost of retaining. People are jumping from one company to another

like monkeys. A typical strategy by an employee is to show an appointment letter of his new

job and get a salary hike from us and show the hike to his recruiter and start off on a higher

note. While all of this is fine as long as the management concedes and there are people

worth the mettle, we are busier than ever. Conducting recruitment drives on weekends, and

moving to new cities for newer talents is very common. Another concept that is in action is

the concept of flexible timings. Time difference between our country and our business

partners has made such changes imperative. The employees working in night shifts are less

monitored than their counterparts.

A few bachelors are eager to stay in the company on Saturdays and Sundays on the pretext of

acquiring new skills. Such people are admired or sympathized but never monitored. Tonnes

of songs and other unwanted material are downloaded and put on the network on a computer

other than the employee’s and sometimes in a hidden format. These employees assume

privileges on resources such as printers, Internet and most importantly the corporate

network.

Valuable IP of the company resides there. While some people make the best advantage of

these resources for the benefit of themselves and their company, not all do so. And it is

virtually impossible to filter the wheat from the chaff. To make a general observation, it is

observed that the element of “namak” is missing in the new generation techies. One

unmonitored and disgruntled employee can cause havoc to the company. As HR Managers

we know it better.

September 11th is the day on which a point has been made. Aeroplane and Building are used

as tools. Hearts of Americans are struck with terror. Computers can be used as tools to

commit offences that are traditional in nature. This opens up new combinations. Murder

using a computer and credit theft are not unheard of. A system cannot be made foolproof as

nature always produces a better fool. Often a new technology or infrastructure is conceived

as a remedy for existing weakness, but a new technology comes with its own set of

loopholes for the explorer to exploit. An IP address is a basic piece of information obtained in any

internet transaction. Most offences are committed based upon IP Addresses. A reverse

lookup on the IP address tracks down the system and also the route to the offence.

Software such as Sam Spade, tracert, or VisualRoute can be used for the purpose.

Information is a valuable asset. Not only the transfer of information, but even

unauthorized viewing may diminish its value. If a system is connected to the Internet there

is every chance of it being attacked. Once the IP address is known, DoS attacks such as Ping of

Death, Smurf, UDP flooding or modem disconnection can be committed. Control over a

system is acquired by looking at open ports on an IP. An offence is termed as a crime only

when proved in a court of law. Law does not distinguish between crime and mischief,

cracker and hacker.

Security is an overhead for the network but it gives protection to the resources. Network

security becomes important, as companies will be viewed as units. Developing a corporate

policy for security is also vital. To maintain a secure operation, one has to stay a step ahead

of the “ker”s. Keeping up to date on software patches is critical to any security plan. The

vast computing infrastructure constructed by private industry can be utilized to lodge a

massive attack.

Another example of attack is that of an open access point in a Wireless network. Wireless

access points have been added to many corporate networks without proper renovation of

overall security policy. War Driving is a mechanism of sniffing 802.11 networks that have

open ports. Each network card is associated with a MAC (Media Access Control) address,

which uniquely identifies the device. The macof program can be used to cause a switch to fail

open, and the mailsnarf program to capture emails addressed to any person into one’s own system.

Both tools are from the dsniff suite. The CAM (Content Addressable Memory) is where the

switch stores the MAC info and when this fills up, the switch begins to flood frames for unknown

MAC addresses to every port on the VLAN, in effect failing open. This could be made use of

by the offender to access all the data that goes into and out of the network.
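
The fail-open behaviour described above can be reproduced offline with a toy switch model. This is an added example, not code from the original essay or from the dsniff suite; the class, the host addresses and the per-port MAC limit (modelled on the "port security" feature of managed switches) are assumptions made for illustration.

```python
class LearningSwitch:
    """Toy layer-2 switch with a fixed-size CAM table (MAC -> port)."""

    def __init__(self, ports, cam_size, max_macs_per_port=None):
        self.ports = list(ports)
        self.cam_size = cam_size
        self.max_macs_per_port = max_macs_per_port  # None: no per-port limit
        self.cam = {}
        self.disabled = set()  # ports shut down for exceeding the limit

    def _learn(self, mac, port):
        if mac in self.cam:
            self.cam[mac] = port
            return
        if self.max_macs_per_port is not None:
            seen = sum(1 for p in self.cam.values() if p == port)
            if seen >= self.max_macs_per_port:
                self.disabled.add(port)  # violation: stop serving this port
                return
        if len(self.cam) < self.cam_size:
            self.cam[mac] = port  # a full table learns nothing new

    def forward(self, in_port, src, dst):
        """Return the list of ports a frame is sent out of."""
        if in_port in self.disabled:
            return []
        self._learn(src, in_port)
        if in_port in self.disabled:
            return []
        out = self.cam.get(dst)
        if out is not None:
            return [] if out == in_port or out in self.disabled else [out]
        # Unknown destination: flood to every other active port.
        return [p for p in self.ports
                if p != in_port and p not in self.disabled]


BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed host addresses (documentation range), not from the essay.
HOST_A, HOST_B = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"


def ports_seeing_a_to_b(switch, bogus_sources):
    """Port 3 presents `bogus_sources` distinct source MACs, then host B
    (port 2) and host A (port 1) talk. Returns where A's frame to B goes."""
    for i in range(bogus_sources):
        mac = "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF)
        switch.forward(3, mac, BROADCAST)
    switch.forward(2, HOST_B, HOST_A)  # B speaks: the switch tries to learn B
    return switch.forward(1, HOST_A, HOST_B)


if __name__ == "__main__":
    print("normal      :", ports_seeing_a_to_b(LearningSwitch([1, 2, 3], 8), 0))
    print("CAM full    :", ports_seeing_a_to_b(LearningSwitch([1, 2, 3], 8), 8))
    print("MAC limit 2 :", ports_seeing_a_to_b(LearningSwitch([1, 2, 3], 8, 2), 8))
```

With the table full, the frame from A to B also leaves port 3; with a limit of two addresses per port, port 3 is disabled before the table fills and the frame reaches port 2 only.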

An offence always starts in the mind of the aggressor and ends in the mind of the victim.

The stages in the life cycle of an offence are intended (but not committed), committed (but

not permitted), permitted (but not identified), identified (but not conveyed), conveyed (but

not tracked), tracked (but not convicted), convicted (but loss not recovered).

No computer or network could ever be 100% secure but understanding and prevention is

the key factor. One weak node could compromise the entire network. Most computer

criminals thrive not on knowledge but blossom due to ignorance on the part of System

Administrators. There are countless cyber crimes that are not made public due to private

industry’s reluctance to publicize its vulnerabilities and government’s concern for security.

There are bugs in various software, and exploitation of these bugs results in a hack.

Computer crime is a low risk, high profit affair. Information for some organizations is an

asset, like money. Crimes are classified as done against a person or an organization. A

stalker may post a controversial message on the board under the name, phone number,

email of the victim resulting in subsequent responses being sent to the victim. This is an

example of using personal information to commit offences. Most entities provide services

requesting information from users, but never authenticate this information. This could be

the cause for a lot of crimes as anonymity is respected here. Accidental, negligent and

unauthorized misuse have to be distinguished. It is always possible to prove the presence of

errors, not their absence. There is no internationally recognized definition for cyber crime.

When someone fires a bullet from a gun, it is actually the bullet that does the killing while

the actual physical firing is pulling the trigger on the instrument. Similarly bits of data that

have been set into action from a computer are an extension of an actor’s person. Computer

crime and security may not just be a hardware or software problem but a people-ware

problem.

Fraud Detection

Fraud detection has three aspects to it: intrusion detection, intrusion identification and

assigning intrusion to fraud. Using specialized software such as BlackICE, Snort or NetRanger,

it is possible to sniff out intrusions. It can be seen that a number of users, robots and other

entities will be constantly accessing the system once the computer is on the Internet.

However, not all of these intrusions are with false intent. Moreover, most software gives false

alerts, and it is essential to keep a person to check this. Answering the questions, “Why will

anybody be interested in my network?”, “Who will be interested?” and “What will he be

interested in?” will help the filtration process. Intrusion Detection is based on the

assumption that avoiding each and every security breach is practically impossible. Instead,

Intrusion Detection stresses the need to identify, preferably in real time, attempts to breach

security and to assess the damage they've caused. An Intrusion Detection System (IDS)

tries to detect attempted intrusions into a system or network and alert users. An IDS

constantly works away in the background in your system, notifying you only when it detects

something it considers suspicious or illegal. However, whether that notification will be of any

use to you will depend entirely on how well the IDS is configured!

Anomaly detection: The most common approach for sniffing out an intrusion in a network

is through identifying statistical anomalies. The idea is to measure a 'baseline' of statistics,

like CPU utilization, disk activity, user logins, file activity and so on. The system can then

trigger whenever there's a deviation from this baseline. The good thing about this

approach is that it can detect the anomalies without having to understand the cause. Let's

say you monitor the traffic from individual workstations. The system notes that at 2 AM,

many of these workstations start logging into the servers and carrying out tasks. This may

be something interesting to act on.
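
The baseline idea above, worked through for the 2 AM login case. This is an added example, not code from the original essay; the hourly login counts, the threshold of three standard deviations and the one-login floor on the deviation are assumptions chosen for illustration.

```python
from statistics import mean, pstdev


def build_baseline(history):
    """history: one list of 24 hourly login counts per past day.
    Returns a (mean, standard deviation) pair for each hour of the day."""
    baseline = []
    for hour in range(24):
        samples = [day[hour] for day in history]
        baseline.append((mean(samples), pstdev(samples)))
    return baseline


def find_anomalies(baseline, today, threshold=3.0, min_sigma=1.0):
    """Return (hour, count, z_score) for hours that deviate from baseline."""
    alerts = []
    for hour, count in enumerate(today):
        mu, sigma = baseline[hour]
        # Floor sigma so hours that never varied (silent nights) neither
        # divide by zero nor alert on a single stray login.
        z = (count - mu) / max(sigma, min_sigma)
        if abs(z) >= threshold:
            alerts.append((hour, count, round(z, 1)))
    return alerts


def typical_day(shift):
    """Constructed sample day: busy 09:00-17:00, light at 08:00 and 18:00,
    silent at night. `shift` adds day-to-day variation to the busy hours."""
    return [40 + shift if 9 <= h <= 17 else 5 if h in (8, 18) else 0
            for h in range(24)]


HISTORY = [typical_day(s) for s in (-3, -1, 0, 2, 4)]  # five past days
TODAY = typical_day(1)
TODAY[2] = 25  # constructed: workstations logging in to the servers at 2 AM

if __name__ == "__main__":
    for hour, count, z in find_anomalies(build_baseline(HISTORY), TODAY):
        print("hour %02d: %d logins, z=%.1f" % (hour, count, z))
```

The detector flags the hour without knowing why it is unusual; had the same 2 AM activity been present on every day of the history, for instance a scheduled job, it would be part of the baseline and raise nothing.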

Signature recognition: Most commercial IDSs examine network traffic, looking for well-

known patterns of attack. This means for every hacker technique, engineers code

something into the system. This can be as simple as a pattern match. The classic

example is to check every packet on the wire for the pattern '/cgi-bin': this may indicate

that somebody was trying to access this vulnerable CGI script on a Web server. Some IDSs

are built from large databases with hundreds (or thousands) of such strings. They just plug

into the wire and trigger on every packet they see having one of these strings.
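
The '/cgi-bin' string match described above, and the false alerts it produces, can be seen on a handful of packets. This is an added example, not code from the original essay or from any IDS product; the rule format, the rule names and the sample packets are constructed for illustration.

```python
# Constructed rule sets: the '/cgi-bin' string first as a bare substring
# rule, then narrowed to the request line of HTTP traffic to port 80.
NAIVE_RULES = [
    {"name": "cgi-bin-anywhere", "pattern": b"/cgi-bin"},
]
SCOPED_RULES = [
    {"name": "cgi-bin-request", "pattern": b"/cgi-bin",
     "dst_port": 80, "http_request_line": True},
]

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ")


def request_line(payload):
    """Return the first line if the payload starts like an HTTP request."""
    if payload.startswith(HTTP_METHODS):
        return payload.split(b"\r\n", 1)[0]
    return None


def match(rules, packet):
    """Return the names of the rules that fire on a (dst_port, payload) pair."""
    dst_port, payload = packet
    fired = []
    for rule in rules:
        if "dst_port" in rule and rule["dst_port"] != dst_port:
            continue
        haystack = payload
        if rule.get("http_request_line"):
            haystack = request_line(payload)
            if haystack is None:
                continue
        if rule["pattern"] in haystack:
            fired.append(rule["name"])
    return fired


def scan(rules, packets):
    """Return the indexes of packets that raise at least one alert."""
    return [i for i, pkt in enumerate(packets) if match(rules, pkt)]


# Constructed traffic sample: (destination port, payload).
PACKETS = [
    (80, b"GET /cgi-bin/status HTTP/1.0\r\nHost: www.example.com\r\n\r\n"),
    (80, b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n"),
    (25, b"Subject: cleanup\r\n\r\nPlease archive the old /cgi-bin folder.\r\n"),
    (80, b"GET /docs/faq.html HTTP/1.0\r\n"
         b"Referer: http://www.example.com/cgi-bin/search\r\n\r\n"),
]

if __name__ == "__main__":
    print("bare substring rule alerts on packets:", scan(NAIVE_RULES, PACKETS))
    print("scoped rule alerts on packets        :", scan(SCOPED_RULES, PACKETS))
```

The bare substring rule also fires on a mail body and on a Referer header; the scoped rule fires only on the request for a path under /cgi-bin, which still needs a person to judge whether the request was legitimate.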

A Cyber Crime Common Body of Knowledge (CC-CBOK) is presented below.

Data diddling: This kind of an attack involves altering the raw data just before it is

processed by a computer and then changing it back after the processing is completed.

Trojan Horse Attack: A program that hits the machine at an unexpected time and remains

hidden from the user.

Logic Bomb: A virus that has been configured to attack the system at a specified time.

Dumpster Diving: Looking at dustbin for gathering valuable data.

IP Spoofing: Making false pretensions of a different IP address.

Masquerading: Moving hidden in networks as though wearing a mask.

Password Suiting: Guessing of a password based upon common sense logic.

Worm: A software program that multiplies like a virus but causes no harm.

Salami Technique: A technique by which the developers credit the fractional amounts in

a financial transaction into their accounts.

Information Warfare: Application of destructive force on large-scale information systems.

The vulnerable infrastructures that are targeted are Power Grid, Communications, Financial

and Transportation.

Chipping: Malicious alterations of computer hardware.

Spamming: A junk mailing activity.

Cyber Stalking: The Oxford dictionary defines stalking as "pursuing stealthily". Cyber

stalking involves following a person's movements across the Internet by posting messages

(sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-

rooms frequented by the victim, constantly bombarding the victim with emails etc.

Author: Avinash Mangipudi (MBA)

Current Designation: Student

University: Hyderabad Central University

Course: Cyber Laws and Legal Information Systems

Contact Email: avirads@gmail.com
