Professional Documents
Culture Documents
12
Acknowledgment
All the praise to Almighty Allah the most beneficent and merciful who gave us this
opportunity to compile this research report.
I am very thankful to course instructor Mrs Farah Nawaz who remained very
cooperative and helpful throughout this work. She just did not make my concepts
clear but gave me vivid direction and east path to compile this report. I hope that
he will continue to guide me in this way in future.
This report is the combination of lot of sincere hard work and dedication. This
report is the result of valuable ideas and suggestions given by IT experts and MS
students. They all were very cooperative and helpful through this research report.
I am also very thankful to my class fellows who were very supportive to make the
things easy, as it was very strenuous task.
I will highly appreciate any suggestion for improvement in this report or any other
queries regarding this report and its contents from everyone especially from my
12
companions and well wishers. As nothing is perfect in this world and there is
always a room for improvement.
Table of Contents
Write up # 5:......................................................................................................34
PROBLEM DEFINITION...........................................................................................35
THEORETICAL FRAMEWORK......................................................................................38
DEPENDENT VARIABLE:.........................................................................................38
INDEPENDENT VARAIBLES:....................................................................................38
DESCRIPTION OF INDEPENDENT VARIABLES:.....................................................38
MODERATING VARIABLE:.......................................................................................39
DESCRIPTION OF MODERATING VARIABLES:......................................................39
INTERVENING VARIABLES:.....................................................................................39
RELATIONSHIPS AMONG VARIABLES.........................................................................40
INDEPENDENT-DEPENDENT VARIABLE RELATIONSHIP...........................................40
INDEPENDENT-DEPENDENT VARIABLE RELATIONSHIP ALONGWITH THE ..............41
MODERATING VARIABLE:.......................................................................................41
INTERVENING VARIABLE IN INDEPENDENT-DEPENDENT VARIABLE RELATIONSHIP: 12
.............................................................................................................................. 42
HYPOTHESIS DEVELOPMENT.....................................................................................44
Null Hypothesis:.................................................................................................... 44
Alternate Hypothesis: ...........................................................................................44
SCIENTIFIC RESEARCH DESIGN.................................................................................46
PURPOSE OF THE STUDY:......................................................................................46
TYPES OF INVESIGATION:......................................................................................46
EXTENT OF RESEARCHER’S INTERFERNCE:...........................................................46
STUDY SETTING:....................................................................................................47
UNIT OF ANALYSIS:................................................................................................47
SAMPING DESIGN:.................................................................................................47
TIME HORIZON:......................................................................................................47
DATA COLLECTION, ANALYSIS AND INTERPRETATION..............................................49
DATA COLLECTION:............................................................................................... 49
SECONDARY DATA COLLECTION:...........................................................................49
PRIMARY DATA COLLECTION:................................................................................49
Structured interviews:........................................................................................49
DEDUCTION..............................................................................................................59
Solutions of Cyber Crimes........................................................................................62
Solutions - the way ahead.....................................................................................63
CONCLUSION............................................................................................................65
RECOMMENDATION..................................................................................................66
REFRENCES...............................................................................................................67
ABSTRACT
RESEARCH METHODOLOGY
The first section of the report include the research process diagram, observation, objective of the
research as to why we are doing this research, preliminary data gathered to have a clear
knowledge of the following research, theoretical framework in which all the possible variables
12
are defined along with this hypothesis is also generated in the form of statements, scientific
research design which includes information about sampling and data collection procedures.
This section extracts and displays all the data that was collected in the conclusive research and
presents this in the form of close cross tabulations, graphs and pie charts to simplify
interpretation. We have used Microsoft excel for the calculations.
RESEARCH RESULTS:
This section includes the analysis of data ad draws results based on them. This includes basic
research findings, conclusions and recommendation according to the data collected and analyzed.
ess
Proc
h
earc
Res
The
12
STEP-1
OBSERVATION
12
OBSERVATION
The information infrastructure is increasingly under attack by cyber criminals. The number, cost,
and sophistication of attacks are increasing at alarming rates. Worldwide aggregate annual
damage from attacks is now measured in billions of U.S. dollars. Attacks threaten the substantial
and growing reliance of commerce, governments, and the public upon the information
infrastructure to conduct business, carry messages, and process information. Most significant
attacks are transnational by design, with victims throughout the world.
Measures thus far adopted by the private and public sectors have not provided an adequate level
of security. While new methods of attack have been accurately predicted by experts and some
large attacks have been detected in early stages, efforts to prevent or deter them have been
largely unsuccessful, with increasingly damaging consequences. Information necessary to
combat attacks has not been timely shared. Investigations have been slow and difficult to
coordinate. Some attacks gets birth in Pakistan that lack adequate laws governing deliberate
destructive conduct.
Efforts shall be made to make a security code and program to guard the computer system from
misuse, routers and firewalls can be used to protect the computer network. A check should be
kept on the functioning of cyber cafes and any mishappening shall be reported to the concerned
authorities. Strict cyber laws should be formulated and implemented to fight against cyber
criminals.
12
STEP-2
PRELIMINARY
DATA GATHERING
1. INTRODUCTION:
12
Before evaluating the concept of cyber crime it is obvious that the concept of conventional crime
be discussed and the points of similarity and deviance between both these forms may be
discussed.
CONVENTIONAL CRIME:
Crime is a social and economic phenomenon and is as old as the human society. Crime is a legal
concept and has the sanction of the law. Crime or an offence is a legal wrong that can be
followed by criminal proceedings which may result into punishment. The hallmark of criminality
is that, it is breach of the criminal law. Per Lord Atkin “the criminal quality of an act cannot be
discovered by reference to any standard but one: is the act prohibited with penal consequences”.
A crime may be said to be any conduct accompanied by act or omission prohibited by law and
consequential breach of which is visited by penal consequences.
CYBER CRIME
Cyber crime is the latest and perhaps the most complicated problem in the cyber world. Cyber
crime may be said to be those species, of which, genus is the conventional crime, and where
either the computer is an object or subject of the conduct constituting crime. Per Lord Atkin
“Any criminal activity that uses a computer either as an instrumentality, target or a means for
perpetuating further crimes comes within the ambit of cyber crime”
A generalized definition of cyber crime may be “unlawful acts wherein the computer is either a
tool or target or both”. The computer may be used as a tool in the following kinds of activity-
financial crimes, sale of illegal articles, pornography, online gambling, intellectual property
crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however
be target for unlawful acts in the following cases- unauthorized access to computer/ computer
system/ computer networks, theft of information contained in the electronic form, e-mail
bombing, data didling, salami attacks, logic bombs, Trojan attacks, internet time thefts, web
jacking, theft of computer system, physically damaging the computer system.
There is apparently no distinction between cyber and conventional crime. However on a deep
introspection we may say that there exists a fine line of demarcation between the conventional 12
and cyber crime, which is appreciable. The demarcation lies in the involvement of the medium in
cases of cyber crime. The sine qua non for cyber crime is that there should be an involvement, at
any stage, of the virtual cyber medium
The first recorded cyber crime took place in the year 1820!
That is not surprising considering the fact that the abacus, which is thought to be the earliest
form of a computer, has been around since 3500 B.C. in India, Japan and China. The era of
modern computers, however, began with the analytical engine of Charles Babbage.
In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This
device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted
in a fear amongst Jacquard's employees that their traditional employment and livelihood were
being threatened. They committed acts of sabotage to discourage Jacquard from further use of
the new technology. This is the first recorded cyber crime!
Today, computers have come a long way, what with neural networks and nano-computing
promising to turn every atom in a glass of water into a computer capable of performing a billion
operations per second.
Cyber crime is an evil having its origin in the growing dependence on computers in modern life.
In a day and age when everything from microwave ovens and refrigerators to nuclear power
plants is being run on computers, cyber crime has assumed rather sinister implications.
Let us examine the acts wherein the computer is a tool for an unlawful act. This kind of activity
usually involves a modification of a conventional crime by using computers. Some examples are:
Financial crimes
This would include cheating, credit card frauds, money laundering etc.
This would include sale of narcotics, weapons and wildlife etc., by posting information on
websites, auction websites, and bulletin boards or simply by using email communication. E.g.
many of the auction sites even in India are believed to be selling cocaine in the name of ‘honey’.
Online gambling:
There are millions of websites; all hosted on servers abroad, that offer online gambling. In fact, it
is believed that many of these websites are actually fronts for money laundering.
Email spoofing
A spoofed email is one that appears to originate from one source but actually has been sent from
another source. E.g. Faraz has an e-mail address pooja@asianlaws.org. Her enemy, Sameer
spoofs her e-mail and sends obscene messages to all her acquaintances. Since the e-mails appear
to have originated from Faraz, her friends could take offence and relationships could be spoiled
for life. Email spoofing can also cause monetary damage.
Forgery
Counterfeit currency notes, postage and revenue stamps, mark sheets etc can be forged using
sophisticated computers, printers and scanners.
Outside many colleges across pakistan, one finds touts soliciting the sale of fake mark sheets or
even certificates. These are made using computers, and high quality scanners and printers. In
fact, this has becoming a booming business involving thousands of Rupees being given to
student gangs in exchange for these bogus but authentic looking certificates.
Cyber Defamation:
This occurs when defamation takes place with the help of computers and / or the Internet. E.g.
someone publishes defamatory matter about someone on a website or sends e-mails containing 12
defamatory information to all of that person’s friends.
Cyber stalking:
The Oxford dictionary defines stalking as “pursuing stealthily”. Cyber stalking involves
following a person’s movements across the Internet by posting messages (sometimes
threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented
by the victim, constantly bombarding the victim with emails etc.
Now, let us examine some of the acts wherein the computer is the target for an unlawful act. It
may be noted that in these activities the computer may also be a tool. This kind of activity
usually involves sophisticated crimes usually out of the purview of conventional criminal law.
Some examples are:
This activity is commonly referred to as hacking. An active hackers’ group, led by one “Dr.
Nuker”, who claims to be the founder of Pakistan Hackers Club, reportedly hacked the websites
of the Indian Parliament, Ahmedabad Telephone Exchange, Engineering Export Promotion
Council, and United Nations (India).
This includes information stored in computer hard disks, removable storage media etc.
Data diddling
This kind of an attack involves altering raw data just before it is processed by a computer and
then changing it back after the processing is completed. Electricity Boards in Pakistan have been
victims to data diddling programs inserted when private parties were computerizing their
systems.
Salami attacks
These attacks are used for the commission of financial crimes. The key here is to make the
alteration so insignificant that in a single case it would go completely unnoticed. E.g. a bank
employee inserts a program, into the bank’s servers, that deducts a small amount of money (say
Rs. 5 a month) from the account of every customer. No account holder will probably notice this
unauthorized debit, but the bank employee will make a sizeable amount of money every month.
This involves flooding a computer resource with more requests than it can handle. This causes
the resource (e.g. a web server) to crash thereby denying authorized users the service offered by
the resource. Another variation to a typical denial of service attack is known as a Distributed
Denial of Service (DDoS) attack wherein the perpetrators are many and are geographically 12
widespread.
It is very difficult to control such attacks. The attack is initiated by sending excessive demands to
the victim’s computer(s), exceeding the limit that the victim’s servers can support and making
the servers crash. Denial-of-service attacks have had an impressive history having, in the past,
brought down websites like Amazon, CNN, Yahoo and eBay!
Virus / worm attacks
Viruses are programs that attach themselves to a computer or a file and then circulate themselves
to other files and to other computers on a network. They usually affect the data on a computer,
either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves
to. They merely make functional copies of themselves and do this repeatedly till they eat up all
the available space on a computer’s memory. The VBS_LOVELETTER virus (better known as
the Love Bug or the ILOVEYOU virus) was reportedly written by a Filipino undergraduate.
Logic bombs
These are event dependent programs. This implies that these programs are created to do
something only when a certain event (known as a trigger event) occurs. E.g. even some viruses
may be termed logic bombs because they lie dormant all through the year and become active
only on a particular date (like the Chernobyl virus).
Trojan attacks
A Trojan as this program is aptly called is an unauthorized program which functions from inside
what seems to be an authorized program, thereby concealing what it is actually doing. There are
many simple ways of installing a Trojan in someone’s computer.
This connotes the usage by an unauthorized person of the Internet hours paid for by another
person.
Web jacking
This occurs when someone forcefully takes control of a website (by cracking the password and
later changing it). The actual owner of the website does not have any more control over what
appears on that website.
This type of offence involves the theft of a computer, some part(s) of a computer or a peripheral
attached to the computer. 12
Unauthorized Access
“Gaining entry into, instructing or communicating with the logical, arithmetical, or memory
function resources of a computer, computer system or computer network”.
Unauthorized access would therefore mean any kind of access without the permission of either
the rightful owner or the person in charge of a computer, computer system or computer network.
Thus not only would accessing a server by cracking its password authentication system be
unauthorized access, switching on a computer system without the permission of the person in
charge of such a computer system would also be unauthorized access.
Packet sniffing, tempest attack, password cracking and buffer overflow are common techniques
used for unauthorized access.
Viruses
A computer virus is a computer program that can infect other computer programs by modifying
them in such a way as to include a (possibly evolved) copy of it. Note that a program does not
have to perform outright damage (such as deleting or corrupting files) in order to be called a
"virus".
Email has fast emerged as the world’s most preferred form of communication. Billions of email
messages traverse the globe daily. Like any other form of communication, email is also misused
by criminal elements.
The ease, speed and relative anonymity of email has made it a powerful tool for criminals. Some
of the major email related crimes are:
1. Email spoofing
2. Sending malicious codes through email
3. Email bombing 12
4. Sending threatening emails
5. Defamatory emails
6. Email frauds
1. Email spoofing
A spoofed email is one that appears to originate from one source but has actually emerged from
another source. Email spoofing is usually done by falsifying the name and / or email address of
the originator of the email.
Usually to send an email the sender has to enter the following information:
Emails are often the fastest and easiest ways to propagate malicious code over the Internet. The
Love Bug virus, for instance, reached millions of computers within 36 hours of its release from
the Philippines thanks to email.
Hackers often bind Trojans, viruses, worms and other computer contaminants with e-greeting
cards and then email them to unsuspecting persons. Such contaminants can also be bound with
software that appears to be an anti-virus patch. E.g. a person receives an email from
information@mcaffee.com (this is a spoofed email but the victim does not know this). The email
informs him that the attachment contained with the email is a security patch that must be
downloaded to detect a certain new virus. Most unsuspecting users would succumb to such an
email (if they are using a registered copy of the McAffee anti-virus software) and would
download the attachment, which actually could be a Trojan or a virus itself!
3. Email bombing
Email bombing refers to sending a large number of emails to the victim resulting in the victim’s
email account (in case of an individual) or servers (in case of a company or an email service
provider) crashing.
A simple way of achieving this would be to subscribe the victim’s email address to a large 12
number of mailing lists. Mailing lists are special interest groups that share and exchange
information on a common topic of interest with one another via email. Mailing lists are very
popular and can generate a lot of daily email traffic – depending upon the mailing list. Some
generate only a few messages per day others generate hundreds. If a person has been
unknowingly subscribed to hundreds of mailing lists, his incoming email traffic will be too large
and his service provider will probably delete his account.
The simplest email bomb is an ordinary email account. All that one has to do is compose a
message, enter the email address of the victim multiple times in the “To” field, and press the
“Send” button many times. Writing the email address 25 times and pressing the “Send” button
just 50 times (it will take less than a minute) will send 1250 email messages to the victim! If a
group of 10 people do this for an hour, the result would be 750,000 emails!
There are several hacking tools available to automate the process of email bombing. These tools
send multiple emails from many different email servers, which make it very difficult, for the
victim to protect himself.
4. Threatening emails
Email is a useful tool for technology savvy criminals thanks to the relative anonymity offered by
it. It becomes fairly easy for anyone with even a basic knowledge of computers to become a
blackmailer by threatening someone via e-mail.
5. Defamatory emails
As has been discussed earlier cyber-defamation or even cyber-slander as it is called can prove to
be very harmful and even fatal to the people who have been made its victims.
6. Email Frauds
Email spoofing is very often used to commit financial crimes. It becomes a simple thing not just
to assume someone else’s identity but also to hide one’s own. The person committing the crime
understands that there is very little chance of his actually being identified.
A comparative analysis of cyber crimes in developing & developed countries. G8 wages war on
cyber crime is described below where as for the study of the developing countries I have taken
India, China, and Bangladesh into consideration.
The move follows a meeting in Washington of the interior and justice ministers of Britain,
Canada, France, Germany, Italy, Japan, Russia and the United States.
The US Attorney-General, Janet Reno, said criminals were no longer restricted by national
boundaries and all countries had to act together if they wanted to combat cyber-crime.
"With emerging technologies, no longer will we have to fight 21st century crimes with 19th
century tools," she said. "Today is an important day in fighting computer crime, and in laying the
groundwork for the next century of crime fighting."
• pedophilia
• drug-trafficking
• money-laundering
• electronic fraud such as theft of credit card numbers, money-laundering and
computerized piracy
• industrial and state espionage
The most important measure to tackle these offences is a commitment to train law enforcement
officials in the tools of the cyber trade, and to co-ordinate prosecution efforts so that countries
know where to try a cyber criminal.
Ministers also pledged to create a 24-hour-a-day contact service to help national police forces
respond quickly and in a concerted manner to fast-moving cyber-criminals.
Other measures in the ten-point action plan include judicial co-operation and agreements on
extradition, hastening the progress of mutual agreements, speeding up communication, provision
of standards for secure telecommunications and developing forensic standards for retrieving
electronic data .
In India the following types of cyber crimes exist and are increasing at a rapid pace namely:
financial crimes, sale of illegal articles, pornography, online gambling, intellectual property
crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however
be target for unlawful acts in the following cases- unauthorized access to computer/ computer
system/ computer networks, theft of information contained in the electronic form, e-mail
bombing, data didling, salami attacks, logic bombs, Trojan attacks, internet time thefts, web
jacking, theft of computer system, physically damaging the computer system.
1. Financial crimes
2. Cyber pornography
3. Sale of illegal articles
4. Online gambling
5. Intellectual Property crimes
6. Email spoofing
7. Cyber stalking
8. Forgery
9. Unauthorized Access to computer systems\networks
10. Theft of information contained in electronic form
11. Virus\ Worm Attacks
12. Logic Bombs
13. Trojan Attacks
14. Internet Time theft
15. Password Cracking
16. Buffer Overflow
Cases have been reported in the history of Pakistan that clearly talks about the above stated types
of cyber crimes in practicality. All relevant secondary data published on the progress and cases
of cyber crimes is listed in the form of articles mentioned below:
The Internet is not yet widespread in Pakistan and is moving at a slow and irregular pace, said 12
the French Reporters sans frontières (Reporters Without Borders) organisation in its second
annual report (2003) on cyberspace titled “The Internet under Surveillance: Obstacles to the free
flow of information online”.The RSF is a Paris-based watchdog that defends imprisoned
journalists and press freedom throughout the world, and protects the public’s right to be
informed in accordance with Article 19 of the Universal Declaration of Human Rights.
The report says the Internet is the bane of all dictatorial regimes, but even in democracies such as
the United States, Britain and France, new anti-terrorism laws have tightened government control
of it and undermined the principle of protecting journalistic sources. The report is about attitudes
towards the Internet by the powerful in 60 countries, between spring 2001 and spring 2003. The
preface is by Vinton G Cerf, often called the ‘father’ of the Internet.
The number of Internet users in China, the report says, doubles every six months and the number
of Chinese websites doubles every year. But this dizzying expansion of cyberspace is matched
by government efforts to control, censor and repress it with harsh laws, jailing cyber-dissidents,
blocking access to websites, spying on discussion forums and shutting down cyber cafés.
Regarding Pakistan, the reports said, there are around 500,000 using the services of privately
owned ISPs. The Internet is not yet widespread and is still mainly accessed through cyber cafés.
It does not seem to be heavily censored. But the Daniel Pearl kidnapping and murder case
showed how extremists could use it. The military regime has made every effort to block access
to a US-based investigative journalism website.
With only a half a million Internet users, Pakistan is quite behind in new information technology.
This is mainly because of the country’s large size and low level of economic development,
including only a few million private phone lines, mostly in big cities.
General Pervez Musharraf’s government appears to favour its growth, even though on the day he
seized power, 12 October 1999, the army cut off all Internet connections for several hours, and in
July 2002, the Pakistan Telecommunications Authority (PTA) tried to force cyber cafés owners
to record the names of their customers.
The report says, “Gen Musharraf says his government has invested more than 100 million euros
in communications and sharply reduced the cost of connections and services since 1999. Pakistan
has since launched a programme to boost digital technology, the information technology with
an efficient telecom policy.”Slow and difficult development: The new policy has led the
government to cut Internet connection costs and invest in telecommunications infrastructure,
while putting the Internet under the direct supervision of the PTA. The state’s monopoly in the
sector ended in December 2001 but big Internet operators such as AOL are reluctant to invest in
a country where scant profits are to be made. For the time being, Pakistanis are enthusiastically
using cyber cafés, which are everywhere in the cities. In Peshawar, a new one opens nearly every
day.
The Pakistan Telecommunication Company (PTCL) announced on April 2, 2003 that 400 new
sites with “indecent” content had been added to an earlier list of 100 banned websites and asked
12
Internet operators to block access to them. ISPs said the move would slow down Internet access.
A senior PTCL official, Zahir Khan, said on April 6, 2003, that access to nearly 1,800
pornographic sites had been banned and that the PTCL was thinking of importing software to
make it easier to do. Also targeted were “anti- Islamic” and “blasphemous” sites. The PTCL
admitted the blocking would temporarily slow down Internet navigation but said it was necessary
because of what it called ‘the great threat to society’ from such sites. Mairaj-ul-Huda, a leader of
the Jamaat-e-Islami party, welcomed the moves and said the electronic media had to be reformed
to bring them in line with the country’s culture and religion so that young people would not be
tempted by such evil.
Pak-India cyber war: The Pakistani government set up a special inter-ministerial committee in
May 2003 to counter increasing attacks on government websites by Indian hackers who were
making them inaccessible. Information technology minister Awais Ahmad Khan Leghari said
that if the attackers were identified, the government would take the matter to the relevant
international authorities to seek punishment for them. The previous month, he had said the
government was thinking of hiring its own hackers to fight the Indian attacks.
Electronics and cyber crimes are the yield of high tech-era, which must be dealt with the same
sort of expertise and sophistication, to unearth crimes, fix the responsibilities, and to make
headway. It is Very necessary for persons who are investigating the cases of Electronics and
cyber crimes that they should know each and every Technicality of the subject like an expert.
Sindh police chief's order for setting-up the ECU, appears a mere lip-service. Without cyber
cops, cyber judges, cyber advocates, etc one wonders how cyber criminals would be arrested,
and how investigations would be conducted to nab the accused persons. It has yet to be decided
who would conduct hearing of cyber crime cases and who would be competent to decide them,
or whether the person implicated is indeed involved in the crime or not.
Reports indicate that in the history of Pakistan, there had been only three cases of cyber crime
reported so far. two of these cases were investigated by the defunct Crimes Branch of Sindh
Police, and the third one was a very high profile case, in which a US journalist Daniel Pearl was
reportedly kidnapped and later assassinated by unknown persons. Later, some accused persons
including a British national were arrested in this case as their involvement was detected
Although the case of the US journalist Daniel Pearl was decided by the learned court, the persons
who had been implicated in the crime earlier by the police through cyber means, were the same
who were sentenced by the court.
12
If any investigator were to look deeply into these cases he would see on technical grounds that
the evidences gathered by the police investigators in the Daniel Pearl case were not sufficient
enough to fix the responsibilities on the accused persons.
Technical evidences must be examined in the light of Articles 6 and 7 of the Evidence Act, under
which condition a question would be raised whether the evidences presented before the court in
the Daniel Pearl case were justified or not. It might be the government policy, but it remains a
fact that gathering and presentation and acceptance of evidences were not smooth and
transparent.
Clearly, the police officials who investigated the crime were not bearing any expertise to deal
with cyber crimes at all. Whatever the learned court had decided is acceptable to all but one
question remains very pertinent about the validity of the investigation itself which had been
carried out without properly-trained officials, who were certainly not cyber cops in this case.
Moreover, the court which examined the case was not presided by a cyber judge, which was
It should be recalled here that so far no legislation had been enacted in the country to deal with
cases of cyber crimes. It is also worth mentioning here that few multinational banks operating in
Pakistan had offered their services time and again to the high police officials for training and
provision of the equipment required to deal with the cyber crimes. More than half a dozen
meetings in this
Connections were held with the former IGP Aftab Nabi, but they yielded no result.
Sources close to fraud control units of the different multinational banks disclosed that they had
also approached the IGP Syed Kamal Shah, but to no avail. Now, the orders for establishing the
ECU were given in writing by none other than the IGP Sindh himself to his subordinates who are
undergoing the course of proper formalities, but their implementation has yet to materialise.
"The importance of this special wing was felt when Daniel Pearl was kidnapped, and his captors
started sending e-mails to newspapers," he said.
The Wall Street Journal correspondent disappeared on January 23, 2002 from Pakistan's southern
city of Karachi.
The FBI traced the e-mails, and police captured those who
allegedly sent them to the newspapers, but, on February 21,
2002, the U.S. Embassy received a videotape showing Pearl
was dead.
Literature Survey
The short reviews to the literature we have gone through are given below: 12
Article no.1
http://en.wikipedia.org/wiki/Cybercrime
Additionally, certain other information crimes, including trade secret theft and
industrial or economic espionage, are sometimes considered cybercrimes when
computers or networks are involved.
One of the recent researches showed that a new cybercrime is being registered
every 10 seconds in Britain. During 2006 the computer crooks were able to strike
3.24 million times. Some crimes performed on-line even surpassed their equivalents
in real world. In addition, experts believe that about 90% of cybercrimes stay
unreported.
13% of all the participants mentioned they performed changes in computer systems
or computer files.
The study revealed that only 1 out of 10 hackers were interested in causing certain
harm or earn money. Most teenagers performed illegal computer actions of
curiosity, to experience excitement. Many cyber police is getting more complaints
about Orkut these days as many fake profiles being created and thus leads to
crime.
Write up # 1
There is the new crime of cracking, invading, or snooping into other people or organizations’
computer systems. Opinions differed as to whether merely looking was a crime, especially since
earlier hackers often detected security flaws and felt they were being upstanding public citizens
in reporting them. Clearly entering a system with criminal intent is another matter.
Then there are situations where the crime is old but the system is new, such as Internet fraud
scams. Marketing fraud has been around for millennia, telephone scams have been around for
decades, and now we have Internet scams. The same is true for pornography and copyright fraud.
The third element is about investigation, where the computer serves as a repository of evidence,
necessary for successful prosecution of whatever crime is being transacted. What used to be
recorded in paper records is unlikely to be recorded except digitally now, and can be destroyed
or encrypted remotely.
12
Article # 2:
http://www.vecam.org/article658.html
Cybercrime
Stephanie Perrin
The word cybercrime was coined in the late 90s, as the Internet spread across North America. A
sub group of the G8 group of nations was formed following a meeting in Lyon, France, in order
to study emerging problems of criminality that were being fostered by or migrating to the
Internet. This “Lyon’s group” was using the term to describe, in a very loose way, all kinds of
crime being perpetrated on the net or on new telecommunications networks which were rapidly
falling in cost.
Simultaneously, and led by players in the Lyons group, the Council of Europe started drafting a
Convention on Cybercrime [1]. This convention, which was first presented for public view in
2000, incorporated a new array of surveillance techniques which law enforcement agencies
considered were necessary to fight “cybercrime”. How was cybercrime defined? The final
version of this Convention, passed in November 2001 after the events of 911, does not define the
term. It is used as a catch-all term for the problems which increased computing power, cheap
communications, and the phenomenon of the Internet have raised for police and intelligence
agencies. The convention describes the various provisions and subject areas where new law is
required as follows:
Title 1 - Offences against the confidentiality, integrity and availability of computer data and
systems.
Title 5 - Ancillary liability and sanctions [aiding and abetting, corporate liability].
Prior to the cybercrime treaty’s emergence to public view, civil libertarians around the world had
been busy fighting various domestic moves to introduce mandatory data retention, or the storage
of telecommunications and Internet traffic logs, for the purposes of investigating crime. Data
retention was seen as part of a package of controls, which the FBI had first advanced in about
1992 as being necessary to fight crime on the new “information highway” as we called it back in
the early days of the Internet.
Write up # 2:
So what is cybercrime? First, what is cyberspace? The term was coined by science fiction writer
and applied to the Internet by Howard Rheingold, so it took off as a label for this new
communications infrastructure.
But sometimes we forget that it does not really exist. What exists is a network, and a lot of
servers and equipment. Communications over the Internet appear to be ephemeral and evaporate,
and in the minds of the public that is the gestalt that operates. Perhaps this is because of the
frailty of the average individual’s own relationship with their computers and email programs.
Who has not lost a document when they forgot to save it, or had their calendar and email
disappear? In fact, a good investigator with forensic tools can find and resurrect just about
everything, because unlike the analog world, the digital world leaves transactional information
behind for every bit and byte that is sent. These tools and skills are not available to the average 12
consumer, so the concept of cyberspace, a kind of magical hyperspace from which data comes
and goes, seems to fit.
When the first efforts to draft the Cybercrime Treaty started, most law enforcement agencies
were also behind the technological curve. They did not know how to investigate, how to seize
evidence on computers without contaminating it, how to preserve data in case the owner had sent
out a kill program to destroy it, how to track down the originators of a message, particularly
when encrypted or using anonymizers. These are non-trivial problems, and part of the early work
of law enforcement agencies was an effort to slow down the train and draw attention to their own
needs for resources to attack a new problem. Since it is usually easier to get new resources to
fight a new problem rather than the escalation of the old one, it is not surprising that new terms
were coined. However, it is not clear that “Cybercrime” is a useful term, and it may be totally
misleading. Crime takes place in the real world, usually involving real people and real money.
Focusing on that aspect of the problem, rather than on the more ephemeral aspects of how the
communications are sent, is important.
Article # 3
http://en.wikipedia.org/wiki/Hacker_%28computer_security%29
Contrary to the academic hacker subculture, networking hackers have no inherently close
connection to the academic world. They have a tendency to work anonymously and in
private. It is common among them to use aliases for the purpose of concealing identity,
rather than revealing their real names. This practice is uncommon within and even
frowned upon by the academic hacker subculture. Members of the network hacking scene 12
are often being stereotypically described as crackers by the academic hacker subculture,
yet see themselves as hackers and even try to include academic hackers in what they see as
one wider hacker culture, a view harshly rejected by the academic hacker subculture itself.
Instead of a hacker – cracker dichotomy, they give more emphasis to a spectrum of
different categories, such as white hat (“ethical hacking”), grey hat, black hat and script
kiddie. In contrast to the academic hackers, they usually reserve the term cracker to refer
to black hat hackers, or more generally hackers with unlawful intentions.
The network hacking subculture is supported by regular gatherings, so called Hacker cons.
These have drawn more and more people every year including SummerCon (Summer),
DEF CON, HoHoCon (Christmas), PumpCon (Halloween), H.O.P.E. (Hackers on Planet
Earth) and HEU (Hacking at the End of the Universe). They have helped expand the
definition and solidify the importance of the network hacker subculture. In Germany,
members of the subculture are organized mainly around the Chaos Computer Club.
The subculture has given birth to what its many members consider to be novel forms of art,
most notably ascii art. It has also produced its own slang and various forms of unusual
alphabet use, for example leetspeak. Both things are usually seen as an especially silly
aspect by the academic hacker subculture. In part due to this, the slangs of the two
subcultures differ substantially. Political attitude usually includes views for freedom of
information, freedom of speech, a right for anonymity and most have a strong opposition
against copyright. Writing programs and performing other activities to support these views
is referred to as hacktivism by the subculture. Some go as far as seeing illegal cracking
ethically justified for this goal; the most common form is website defacement.
Write up # 3
The term "Hacker" may mean simply a person with mastery of computers; however the
mass media most often uses "Hacker" as synonymous with a (usually criminal) computer
intruder. See hacker, and Hacker definition controversy. In computer security, several
subgroups with different attitudes and aims use different terms to demarcate themselves
from each other, or try to exclude some specific group with which they do not agree.
A white hat hacker or ethical hacker is someone who breaks security but who does so for
altruistic or at least non-malicious reasons. White hats generally have a clearly defined
code of ethics, and will often attempt to work with a manufacturer or owner to improve
discovered security weaknesses, although many reserve the implicit or explicit threat of
public disclosure after a "reasonable" time as a prod to ensure timely response from a
corporate entity. The term is also used to describe hackers who work to deliberately design
and code more secure systems. To white hats, the darker the hat, the more the ethics of the
activity can be considered dubious. Conversely, black hats may claim the lighter the hat,
the more the ethics of the activity are lost. 12
We can also define a hacker as
Article # 4:
http://www.anl.com/pages/feature.htm
The Effects of Cybercrime
When you purchase a home it comes with a door and a lock. You always will make sure that the
door/lock exist and that the lock is working properly. If you want you can aim to further secure your
home against any threats. You may purchase a new security system, an additional lock or maybe
even a pet dog for added safety. Why would you not secure your investment? Would you invite
criminals to use your home to commit additional crimes wherever he/she pleases?
When it comes to your PC or Network, you need to ask yourself the following questions.
• Would you like to have yourself, organization, corporation or business responsible for
cyber-crime, without you knowing?
• Would you like to be prosecuted for something you did not do?
• Would you like to loose clients due to lack of public confidence in your Information
Technology system?
• Password Crackers (Software designed to decrypt passwords, so they can gain access)
• Network Scanning software that looks for open ports to gain access to a network
(software or hardware based)
• Illegitimate Websites (fake URLs), to lure you into giving information over the web or
even hack an un-patched (updated) system
12
• SPAM (used to get email lists to possibly cause more damage)
• General Mischief
• Financial Gain
• Revenge
• Protest
• Criminal activity
• Identity Theft
In the same fashion, computer viruses that can generate havoc on your PC system are just as
criminal. Viruses can cost companies millions and dollars in time to repair an infected system.
Recently, Microsoft went as far as to post a $250,000 bounty for the writers of the MSBlast worm and
the SoBig.F virus. Organizations such as Interpol now have sections of their website devoted to
cyber-crime, with other websites such as the IFCC “Internet Fraud Complaint Center” specializing in
Internet Crime.
• Take some time to research for tips on PC maintenance from websites such as
http://www.pcworld.com, http://www.microsoft.com or http://www.zdnet.com.
Hopefully, the information provided above will aid in protecting your PC from unwanted computer
viruses, and PC problems that can harm hardware, software and productivity. The bottom line is that
if you have a virus or if your computer has been hacked, you are no longer in control of your PC. If
viruses, hackers or criminals destroy nothing else, they destroy your confidence in your PC or
network, which is something that is quite valuable.
Write up # 4:
Cyber crime consists of specific crimes dealing with computers and networks (such as hacking)
and the facilitation of traditional crime through the use of computers (child pornography, hate
crimes, telemarketing /Internet fraud). In addition to cyber crime, there is also “computer-
supported crime” which covers the use of computers by criminals for communication and
document or data storage. While these activities might not be illegal in and of themselves, they
are often invaluable in the investigation of actual crimes. Computer technology presents many
new challenges to social policy regarding issues such as privacy, as it relates to data mining and
criminal investigations.
12
Prevention is always better then hours of frustration and lost data. Some of the main ways to
ensure your PC is protected from malicious computer viruses are as follows.
• Refrain from opening e-mail and e-mail attachments from individuals you do not
know.
• DO NOT execute .EXE or unknown files directly from your e-mail.
• Look at purchasing Anti-virus and security software and have it updated on at
least a weekly basis.
• Have ALL diskettes scanned by virus-scanning software before inserted on your
PC.
• Secure your Internet Web browsing.
• Make sure you have a regular backup, in case you need to restore data.
• Make sure you test the integrity of your backup.
• Run regular Microsoft Windows Updates on your PC.
• If you have high-speed (broadband) Internet access in your office, think about
getting either a hardware or software firewall to protect your computer system.
• If you run a “Wireless Network” you must take time to secure it and understand
how it works.
• Take time to learn more about how your PC functions and how to take care of it.
• Just like taking care of your vehicle, keeping your PC healthy requires a little bit
of basic maintenance
• .
Article # 5:
http://www.wired.com/politics/law/news/2003/03/58033
"The purpose of establishing the National Response Center for Cyber Crimes is to stop misuse of
the Internet and trace those involved in cyber-related crimes," Iftikhar Ahmad, spokesman for
Pakistan's Interior Ministry, told the Associated Press on Wednesday.
"The importance of this special wing was felt when Daniel Pearl was kidnapped, and his captors
started sending e-mails to newspapers," he said. 12
The Wall Street Journal correspondent disappeared on Jan. 23, 2002, from Pakistan's southern
city of Karachi.
On Jan. 27, 2002, the Journal and other media received an e-mail from a group calling itself the
National Movement for the Restoration of Pakistani Sovereignty. The e-mail contained a photo
of Pearl, 38, with a gun to his head.
The FBI traced the e-mails, and police captured those who allegedly sent them to the
newspapers, but, on Feb. 21, 2002, the U.S. Embassy received a videotape showing Pearl was
dead.
"The National Response Center for Cyber Crimes will play a key role in the days to come in
tracing those terrorists who often use the Internet or prepaid telephone cards to communicate
messages to their associates for carrying out acts of terrorism and other purposes," Ahmad said.
The special wing has been established at the headquarters of an intelligence agency in
Islamabad, Pakistan's capital
Write up # 5:
The Internet is not yet widespread in Pakistan and is moving at a slow and irregular pace, said
the French Reporters sans frontier organisation in its second annual report (2003) on cyberspace
titled “The Internet under Surveillance: Obstacles to the free flow of information online”.The
RSF is a Paris-based watchdog that defends imprisoned journalists and press freedom throughout
the world, and protects the public’s right to be informed in accordance with Article 19 of the
Universal Declaration of Human Rights.
Regarding Pakistan, there are around 500,000 using the services of privately owned ISPs. The
Internet is not yet widespread and is still mainly accessed through cyber cafés. It does not seem
to be heavily censored. But the Daniel Pearl kidnapping and murder case showed how extremists
could use it. The military regime has made every effort to block access to a US-based
investigative journalism website. Thus forcing the authorities to establish a cyber crime wing.
12
STEP-3
PROBLEM
DEFINITION
12
PROBLEM DEFINITION
Statement of Problem
Lots of the people of Pakistan even don’t know exactly what the cyber crime is all about? Even
many of us commit cyber crimes by doing fun at the net and we don’t even think of the
punishments because we don’t have the knowledge of the cyber laws. We will be researching
on:
12
STEP-4
THEORETICAL
FRAMEWORK
12
THEORETICAL FRAMEWORK
After the preliminary data gathering and the problem statement, the next step is to examine the
critical variables and developing a Theoretical Framework. The critical variables in our study
are:
DEPENDENT VARIABLE:
• Cyber Crimes
INDEPENDENT VARAIBLES:
1. Greed
2. Power
3. Publicity
4. Revenge
5. Adventure
6. Desire to access forbidden information
7. Destructive mindset
1. Greed: Research found that most of the cyber criminals commit cyber crimes because
of one basic motive that is greed. The classical examples can be misuse of the credit
card numbers on online shopping, on purchasing the domains (cyber space), payment of
pornographic websites access, payment of gambling tokens, payment of purchasing
codes etc.
2. Power: Some of the cases revealed that power was the motive behind the scene. As
individuals feel proud by hacking ones account, they literally feel a sense of power. By
hacking ones bank account password or by hacking ones email account password you
holds the power.
3. Publicity: Government websites are the hot targets of the hackers due to the press 12
coverage, it receives. Hackers enjoy media coverage. As practically the Indian hackers
did with the Pakistan official websites, the basic motive of doing all that was publicity.
4. Revenge: In most of the cyber crimes, revenge as the cause of cyber crimes has been
observed. History of cyber crimes talks about a case which best describes this, a
teacher threaten no, of students of not getting pass into his subject then to take revenge
from the teacher they hacked the main PC (Server) of the campus and leagued out his
paper.
5. Adventure: Just for the sake of the adventure, cyber criminals also hack certain
unrestricted area just for the sake of fun or thrill.
6. Desire to access forbidden information: This also has been one of the reasons that
most of the people have curiosity of getting all the information available in the black box.
So this desire of getting the forbidden information compels them to commit illegal acts
such as cyber crimes.
7. Destructive mindset: few of the hackers also commit cyber crimes because of the
destructive mind set, they always look at the darker side of the image and try to polish
that image. And this type of practice gets them forget to even remember that this is a
crime.
MODERATING VARIABLE:
1. security services
2. awareness
1. Wants to sell security services: Some of the software companies sale there security
systems to competitive agencies to combat against cyber attacks and further this have
become a contract business for them.
2. Awareness:. Most of the hotmail and yahoo accounts have been observed that these
are hacked by the friends by guessing the secret questions or by guessing the
passwords as their telephone numbers or from their key words in their lives. So this all
happens of lack of awareness that this is basically a cyber crime anyone of the victims
reports that this can get them in to trouble.
INTERVENING VARIABLES:
• Government Policies
12
RELATIONSHIPS AMONG VARIABLES
Here, our dependent variable is cyber crimes. Since frequency of cyber attacks can vary, it can
be positive, neutral or negative, therefore it is a variable, and because it is our subject of interest,
it is the Dependent variable. The independent variables in our study are Greed, Power, Publicity,
Revenge, Adventure, Desire to access forbidden information, Destructive mindset. cyber crime
(dependent variable) is influenced by all these independent variables.
There is a positive relationship between these independent variables and the dependent variable.
Greed
Power
Publicity
Cyber
Revenge Crimes
Desire to access
forbidden information
12
Destructive
mindset
Independent variables
Dependent Variable
INDEPENDENT-DEPENDENT VARIABLE RELATIONSHIP ALONGWITH THE
MODERATING VARIABLE:
Here, security services and the awareness is the moderating variable as it has a strong contingent
effect on the independent variable-dependent variable relationship. The relationship in any of the
independent-dependent variable may change if these factors change.
Greed
Cyber
Power
Crimes
Publicity
Publicity
Revenge
Security
Desire to access services,
forbidden information
Desire to access awarenes
forbidden information s 12
Destructive
mindset
The Government policies and efforts surfacing at time t2, when the independent variables were
in place at time t1 till their effect is felt on the dependent variable at time t3. The effective the
efforts of the government the larger it will effect the relationship between the Independent
factors and the dependent factor
Greed
Governm Cyber
ent
Power policies
Crimes
Publicity
Revenge
Security
12
Desire to access services,
forbidden information awarene
ss
Destructive
mindset
t1 t2
t3
Independent Variables Intervening Variables
Dependent variable
STEP-5
HYPOTHESIS
DEVELOPMENT
12
HYPOTHESIS DEVELOPMENT
Null Hypothesis:
Alternate Hypothesis:
If the first hypothesis comes true it will verify that though there is positive relationship between
dependent and independent variables due to various government policies cyber crime is not a
threat any more .
Else, the second option will show that cyber crime is a threat to everyone as government and
private policies and measure have decreased it but still is a viable factor.
12
STEP-6
SCIENTIFIC
RESEARCH DESIGN
12
SCIENTIFIC RESEARCH DESIGN
Under scientific research design we’ll take a look at following titles, which gives us the details of
the study.
Types of investigation
Study Setting
Units of Analysis
Sampling Design
Time horizon
Our Study is of hypothesis testing nature .Where are we interested in determining the nature of
certain relationship that is, relationship between our dependent and independent variable with in
the presence of our intervening and moderating variable.
TYPES OF INVESIGATION: 12
Our study is Co-relational study in nature as in this research we are interested in finding the
explanations to different relationships.
STUDY SETTING:
We have conducted this research with in non-contrived setting that is neither any variable was
manipulated nor controlled. As our study is co-relational normal settings are chosen for research
work
UNIT OF ANALYSIS:
Our unit of analysis is individuals. We have selected 20 individuals who are IT experts or IT
students from various organizations and institutions.
SAMPING DESIGN:
TIME HORIZON:
We have collected the data and have conducted the research at one point in time hence our
research work is cross-sectional in nature.
12
STEP-7
DATA
COLLECTION,
ANALYSIS AND
INTERPRETATION
12
DATA COLLECTION, ANALYSIS AND INTERPRETATION
DATA COLLECTION:
We have collected the data relating to the research work of ours from, preliminary data and
structured interviews.
We have collected the secondary data from websites & have also consulted articles in different
IT related websites and magazines.
Structured interviews:
We have made a structured interview having the combination of open ended and close ended
questions. This constitutes 10 questions in which 2 are close ended questions while 8 of open
ended nature. The list of questions is given on next page.
12
Q1: How would you define Cyber Crime?
Interpretation:
This question was basically put forward to understand how “Cyber Crime” was precieved by
different experts. Even though the term does not change its meaning from one place to another
but the way in which people define it as per the field of study which they are a part of have a
significant effect on the way they define cyber crime. This is evident the minutes of the interview
attached with the report.
But one thing was common all the respondents that they recognized cybercrimes as a misuse of
information technology to achieve on own goals that end up harming the other party
12
Q2: Do you consider cyber crime as a threat?
2.1 Yes 20
2.2 No 0
INTERPRETATION:
All the respondents no matter from any field of study unanimously agreed that
cyber crime is a threat.
12
Q3. Please identify whether the following forms and means (1) occur frequently, (2) occur
infrequently, or (3) have not occurred, by placing an “x” as appropriate in the following
table:
0
3.1.1 Occur 12
frequently
3.1.2 Occur 10 10
12
infrequently
3.1.3 Has not 0
occurred
12
4 0
3.2:Hacking:
16
3.2.1 Occur 16
frequently
3.2.2 Occur 4
infrequently
3.2.3 Has not 0
occurred
3.3:Malicious code:
0
5
3.3.1 Occur 15
frequently
3.3.2 Occur 4 15
infrequently
3.3.3 Has not 0
occurred
3.5.1 Occur 0
frequently
3.5.2 Occur 12
infrequently
3.5.3 Has not 8
occurred
2
3.7.1 Occur 7 7
frequently 12
3.7.2 Occur 11
infrequently 11
3.7.3 Has not 2
occurred
B. In addition, to the above, if there are there any other forms and means of cyber-
crime that have occurred (either frequently or infrequently) in your country, please
identify them as well as the frequency with which they occur in the following table.
Interpretation:
The respondents were asked if there are any other forms of cyber crimes which they know of that
wrere not identified in the A part of the questions , they gave the following answers,
• Misuse of pictures
12
Interpretation:
This question was intended toward what effect cyber crime has on the particular
field of the experts such as in the case of bankers, they face financial crimes
through false debits and credits in computerized accounts. Also identity theft
(credit card theft). Or in the case of software companies whose soft are pirated and
sold for much less of their original cost. Similar is the case of movie and music
industry.
Q5 Can you name any significant event that is considered as a cyber crime?
Interpretation:
Many experts named many significant events some of the most significant event
which were identified are
• Y2k Threat
( these events have been defined in detail in the preliminary date gathering
stage)
Interpretation:
The respondents were asked that how are they able to counter cyber crime the gave many
suggestions such as we should not disclose any personal information to any one and
especially to strangers. We should use Updated and latest anti-virus software should be used 12
to protect the computer system against virus attacks. While chatting on the net one should
avoid sending photographs to strangers along with personal data as it can be misused.
Backup volumes of the data should always be kept to prevent loss from virus contamination.
Children should be prevented from accessing obscene sites by the parents to protect them
from spoiling their mind and career. A credit card number shall never be sent to an unsecured
site to prevent fraud or cheating.
Q7 Can you identify any reason as to why cyber crime occur?
Interpretation:
The respondents were asked the reasons because of which more and more people are
intending to commit cyber crime. The response was there are many reasons because of which
people were intended to commit cyber some of the most common reason are
• Greed
• Power
• Publicity
• Revenge
• Adventure
• Desire to access forbidden information
• Destructive mindset
Interpretation:
The resopondents that Pakistani security agency has launched a special wing to combat cyber
crimes in part because the country had to rely on U.S. investigators to trace e-mails. The purpose
of establishing the National Response Center for Cyber Crimes is to stop misuse of the Internet
and trace those involved in cyber-related crimes.
9.1 Yes 19
9.2 No 1
1
19
Yes No
Interpretation:
Most respondents believe that still cyber crime is a immanent threat even in the presence of
tough government policies mainly due to the lack to proper implementation.
Q10 Do you want to add any thing to the policies of the government?
Interpretation:
The respondents were asked whether they want to include something in the government policies
which will decrease if not end cyber crimes.they suggested many solutions which are given at the
last part of the report.
12
STEP-8
DEDUCTION
DEDUCTION
12
Question No. 2 from the questionnaire were selected to assist in the hypothesis
testing.
Null Hypothesis:
“Cyber Crime is not a threat”
YES NO TOTAL
Cyber crimes 20 0 20
TOTAL 20 0 20
Alternate Hypothesis:
“Cyber Crime is a threat”
12
LEVEL OF SIGNIFICANCE: 5%
20 10 10 100 10
0 10 -10 100 10
20 20 0 20
x2 = 20
Where ,
k= number of colums
n = number of observations
e = expected value
O = observed value
0.95
12
0.05
0.02393 20
Critical Region Non - Critical Region
Result:
Since, the calculated value of chi-square is greater then critical value, so we reject
the null hypothesis and hence we accept the alternative hypothesis.
12
The Information Technology Act 2000 was passed when the country was facing the problem of
growing cyber crimes. Since the Internet is the medium for huge information and a large base of
communications around the world, it is necessary to take certain precautions while operating it.
Solutions - the way ahead
The signs are that criminal abuse of computer networks is an increasing problem.
There is a need for effective substantive and procedural laws coordinated at global, or at least at
European level, to protect the victims of computer-related crime and to bring the offenders to
justice.
From the front lines, the call is for more of everything—more investigators, more funding and
more attention from lawmakers and upper management. That call may finally be getting some
attention.
While obstacles remain, those involved in the cyber-crime fight say there are growing reasons
for optimism. Law enforcement agencies are sharing information more often and more widely
than ever before. Investigators are more experienced. And, for its part, the technology industry is
working on a variety of products that address some fundamental issues behind common cyber-
crimes.
Evidence that this heightened diligence can turn the tide may be found in the battle against one
of the most widespread and insidious forms of cyber-crime: phishing.
Through the clever use of company logos, verbatim text and links to convincing replicas of
corporate Web sites, phishing scammers entice unsuspecting users to give up private information 12
with appeals bearing titles such as "Problems with your account" and "Account security
measures."
Despite the pilfered graphics, the messages frequently contain obvious spelling and grammatical
errors that can make them more easily identifiable as fakes. However, some of the messages
simply ask recipients to follow an embedded link that takes them to an exact replica of the victim
company's Web site, where they are then prompted to enter sensitive information. These sorts of
attacks are far more difficult to sniff out, especially given that many of them use authentic-
looking URLs.
In March, there were 402 unique new phishing attacks, a 43 percent increase from the previous
month, according to numbers compiled by the Anti-Phishing Working Group, an industry
consortium that tracks phishing activity and comprises financial institutions, banks and vendors
such as Pass Mark Security LLC, of Woodside, Calif., and Science Applications International
Corp., of San Diego.
The schemes are getting more sophisticated with attacks that plant Trojan horses and backdoors
on users' PCs as soon as users open malicious e-mail messages.
"[Phishers] are starting to work with crackers and virus writers. They're sharing code, using
common techniques and taking advantage of vulnerabilities to drop something on the machines,"
said Dan Maier, director of product marketing at Tumbleweed Communications Corp., a
provider of secure e-mail solutions based in Redwood City, Calif., and a member of the Anti-
Phishing Working Group. "It's very sophisticated code," Maier said.
Acknowledging the problem and taking a lead in the effort to thwart such scams, the Department
of Justice in April issued a five-page report on phishing, warning consumers and laying out
suggested defenses.
The report followed similar efforts from the Office of the Comptroller of the Currency at the
Federal Deposit Insurance Corp., which urged banks to increase monitoring of phishing-type
activities and expand incident-response capabilities to deal with the spike in online fraud.
Phishing has the attention of the private sector as well. One of the underlying problems that
allow phishing to flourish is that it is hard to determine with any degree of certainty whether the
Web site an unsuspecting victim visits is what it claims to be.
By using URL redirectors and other means of deceit, scammers can easily hide the true address
of their malicious site and make it appear as legitimate as eBay.com or Amazon.com. Identrus 12
LLC, a company that provides identity authentication services to banks and other financial
institutions, is working on a solution to the problem.
Identrus, whose customer base includes most major U.S. banks, plans to issue "institutional
certificates" to its customers and enable those banks to offer client digital certificates to bank
customers later this spring. The institutional certificates will allow the banks to prove their
identities to their customers digitally and the customers to prove their identities to the banks
digitally as well
The primary research concluded certain solutions in order to fight the cyber crimes:
CONCLUSION
• The onus is on educational institutions to foster best practice in the use of information
technology. 12
• Most computer crime is not detected and is difficult to quantify. It does seem to be a
growing world-wide problem.
• It is clear that in the area of Information Technology new types of crime have emerged as
well as the commission of traditional crimes by means of the new technologies.
• Although passing laws relating to the Internet is relatively easy, enforcement can be very
hard.
• Perpetrators of computer crime usually exploit weakness in the systems either being used
or attacked. Inadequate security procedures - physical, organisational and logical -
continue to feature in the vast majority of examples of computer crime
• The Pakistan cyber laws are not known to the majority of people and also been termed as
inefficient.
• The most destructive cyber crime prevailing in Pakistan is cyber pornography and
hardware viruses.
• The most obvious reasons of cyber crimes are greed, power, revenge, adventure and
publicity.
• The consequences can be serious threats to the e-business. Communication sector and
banking sector.
• The wide use of pornographic websites is heading to destroy our cultural values.
RECOMMENDATION
Any person who operates the net and being exposed to cyber crimes should always abide by and
following principles: 12
• He should not disclose any personal information to any one and especially to strangers.
• Updated and latest anti-virus software should be used to protect the computer system
against virus attacks.
• While chatting on the net one should avoid sending photographs to strangers along with
personal data as it can be misused.
• Backup volumes of the data should always be kept to prevent loss from virus
contamination.
• Children should be prevented from accessing obscene sites by the parents to protect them
from spoiling their mind and career.
• A credit card number shall never be sent to an unsecured site to prevent fraud or cheating.
• Effort shall be made to make a security code and program to guard the computer system
from misuse.
• Routers and firewalls can be used to protect the computer network.
• A check should be kept on the functioning of cyber cafes and any mishappening shall be
reported to the concerned authorities.
• Efforts should be made to discourage misuse of computers and access to unauthorized
data.
• Strict cyber laws should be formulated and implemented to fight against cyber criminals.
• A guide book of cyber crimes should be made available to common user for the
awareness purpose.
REFRENCES
12