Chapter 6A - History and Future of Cybercrime

Forensic Computer SFR2083

The Internet Spawns crimes

Internet crimes take different forms. The first type is
hacking, which includes several kinds of activity:
Accessing - entering a network which is intended to be
private.
Defacing - changing the content of another person's
Web site.
Hijacking - redirecting elsewhere anyone trying to
access a particular Web site.
Bombing - overwhelming a site with countless
messages to slow down or even crash the server.
Denial of service - running a program which sends
thousands of requests to a site simultaneously,
frequently from more than one source, so that the
relevant server slows down significantly or, if possible,
crashes.

The other type of crime is the use of malicious programs
such as viruses, Trojans, worms, and bots.
Also, pirating - digital technology makes it very easy to
make perfect copies of creative products such as music, films, or
computer applications, and the Internet provides a free and
almost anonymous means of transmitting or exchanging
this pirated material around the world.
Moreover, illegal trading on the Internet uses chatrooms, bulletin boards, newsgroups and Web sites.
For example, counterfeiting of well-known brand goods,
such as cigarettes, cosmetics and perfumes, is very
common online.
One of the most common types of fraud on the Internet is
designed to trick users of certain sites - particularly
banks and building societies - into revealing their
passwords or other confidential information needed to

A common means of doing this is to e-mail customers
advising that it is necessary to check or confirm their
password by clicking onto a realistic but fake website and
then inputting the confidential information.
It is then possible for money to be falsely transferred
from the individual's account.
Scams are another type of crime found on the Internet.
A typical Internet scam is to put up a fake Web
site which is just a front for criminal activity.
Only slightly more sophisticated is the "get rich quick" site.
This offers grants or payments in return for credit card or
bank account details.
Money laundering is another form of crime that can be
carried out online: criminals can launder huge sums of money in
cyberspace by using on-line trading and banking.

To prevent or reduce the occurrence of these types
of crimes, Internet users - especially those making
purchases on the Web - need to exercise a sense of
caution, as they must do with any off-line
purchases.
This includes checking the security policy of the
Web site and being particularly cautious when
dealing with an unknown or new brand.
It might be helpful to note that any Web site with
an address beginning with https is using an
encryption technology called Secure Sockets Layer
(SSL).

Worms versus Viruses

Viruses are computer programs that are designed
to spread themselves from one file to another on
a single computer.
A virus might rapidly infect every application file
on an individual computer, or slowly infect the
documents on that computer, but it does not
intentionally try to spread itself from that
computer to other computers.
In most cases, that's where humans come in.
We send e-mail document attachments, trade
programs on diskettes, or copy files to file
servers.
When the next unsuspecting user receives the

Worms, on the other hand, are insidious
because they rely less (or not at all) upon
human behavior in order to spread
themselves from one computer to others.
The computer worm is a program that is
designed to copy itself from one computer to
another over a network (e.g. by using e-mail).
The worm spreads itself to many computers
over a network, and doesn't wait for a human
being to help.
This means that computer worms spread
much more rapidly than computer viruses.

Trojans and similarities to viruses and worms

A Trojan is another type of malware named after the wooden
horse the Greeks used to infiltrate Troy.
It is a harmful piece of software that looks legitimate.
Users are typically tricked into loading and executing it on
their systems.
After it is activated, it can carry out any number of attacks on
the host, from irritating the user (popping up windows or
changing desktops) to damaging the host (deleting files,
stealing data, or activating and spreading other malware,
such as viruses).
Trojans are also known to create back doors to give malicious
users access to the system.
Unlike viruses and worms, Trojans do not reproduce by
infecting other files nor do they self-replicate.
Trojans must spread through user interaction such as opening
an e-mail attachment or downloading and running a file from
the Internet.

Bots Definition

"Bot" is derived from the word "robot" and is
an automated process that interacts with
other network services.
Bots often automate tasks and provide
information or services that would otherwise
be conducted by a human being.
A typical use of bots is to gather information
(such as web crawlers), or interact
automatically with instant messaging (IM),
Internet Relay Chat (IRC), or other web
interfaces.
They may also be used to interact
dynamically with websites.

Bots and their malicious use

A malicious bot is self-spreading malware
designed to infect a host and connect back to a
central server or servers that act as a command
and control (C&C) center for an entire network of
compromised devices, or "botnet."
With a botnet, attackers can launch broad-based,
"remote-control," flood-type attacks against their
target(s).
In addition to the worm-like ability to self-propagate, bots can include the ability to log
keystrokes, gather passwords, capture and
analyze packets, gather financial information,
launch DoS attacks, relay spam, and open back
doors on the infected host.

Bots have all the advantages of worms, but
are generally much more versatile in their
infection vector, and are often modified within
hours of publication of a new exploit.
They have been known to exploit back doors
opened by worms and viruses, which allows
them to access networks that have good
perimeter control.
Bots rarely announce their presence with high
scan rates, which damage network
infrastructure; instead they infect networks in
a way that escapes immediate notice.

Responding to Malicious Code Incidents

While malicious code presents itself in several
differing forms (for example, viruses, worms,
or Trojan horses), the key procedures for
handling them are nearly the same - for
example, system isolation and the need for a
quick response.
A computer virus is a small program written
to modify or change the way a computer
operates.
In general, a computer virus must meet two
requirements:
It must be self-executing.

Some viruses are designed to disrupt normal
computer operations by damaging applications,
deleting files, or, in extreme cases, reformatting the
hard disk.
Others are better classified as nuisances and are
not designed to cause any real lasting harm.
Instead of causing damage, benign viruses simply
replicate themselves and make themselves known
by presenting users with audio, video, or text
messages.
Even these so-called harmless viruses, however,
can create problems for an organization's network
by occupying computer memory used by legitimate
programs and slowing down system operations.

Isolate the System and Notify Appropriate Staff

Once a computer virus, worm, or Trojan horse is discovered, the
infected computer(s) must be isolated from the remaining
network computers as soon as possible.
When a worm is suspected, a decision must be made to
disconnect the LAN from the Internet.
Isolation is one simple method for quickly halting the spread of a
worm.
Systems suspected of being infected should not be powered off or
rebooted.
This is because some viruses infect a computer's boot sector and
thereby may destroy some or all of the hard disk data if the
system is rebooted.
Additionally, rebooting a system could destroy needed
information or evidence.
Finally, notify incident response personnel as soon as any

Contain the Virus, Worm, or Trojan Horse


All suspicious processes should now be halted and
removed from the system.
Make a full backup of the system and store that
backup in a safe place.
The tapes should be carefully labelled so
unsuspecting people will not use them in the future.
After that, remove all suspected infected files or
malicious code.
In the case of a worm attack, it may be necessary
to keep the system(s) isolated from the outside
world until computers have been cleaned to
prevent further spread.

Inoculate the System

Once the malicious code has been contained, your next
step is to use up-to-date antivirus software to remove
remaining virus code.
In addition, you should update and patch operating
systems and applications against further attack.
Prior to implementing any fixes, it may be necessary to
assess the level of damage to the system.
If the virus or worm code has been quickly stopped, then
the task of assessing the damage is not especially difficult.
However, if the malicious code was successful and caused
significant damage, it may then be best to restore the
system from backup tapes.
Once the system is brought back into a safe mode,
then any patches or fixes should be implemented and
tested.

Return Systems to Normal Operating Mode

Prior to bringing systems back into normal
function, all users should be notified that
the systems are returning to a fully
operational state.
It is recommended that all users change
their passwords.
Before restoring connectivity to the Internet,
verify that all affected parties have
successfully eradicated the problem
and inoculated their systems.

Wireless

Cyber criminals prefer to hack and take advantage of users
of wireless networks, so protecting your wireless
connection is highly desirable.
The wireless security measures that can be implemented to
secure your wireless connection are as follows:
1. Moving wireless hubs away from windows and toward the centre
   of buildings
2. Ensuring that wireless encryption is enabled
3. Disabling broadcasts on the network's hubs
4. Changing the default settings such as the Service Set Identifier
   (SSID) and the default password on the wireless access point or
   router
5. Limiting the number of wireless access points can also make the
   WLAN less vulnerable to unauthorized access
6. Treating the wireless network as though it were a public network
   and not sending sensitive data over it without taking
   precautions (such as using another encryption method along
   with WEP)

THE END
