Cyber Crime & Ethics in computer education Sunita Verma * , Rajan Manro** PIMT , Mandi Gobindgarh , ** DBIMCS,Mandi Gobindgarh
*firstname.lastname@example.org ,** email@example.com
Cyber Crime – An Introduction What is Crime? Crime is a social and economic phenomenon and is as old as the human society. Crime is a legal concept and has the sanction of the law. Crime or an offence is “a legal wrong that can be followed by criminal proceedings which may result into punishment So, what is Cyber crime. It is any illegal activity using computer software, data or access as the object, subject or instrument of the crime. Cyber crime is the latest and perhaps the most complicated problem in the cyber world. Cyber crime may be said to be those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime This term has now here been defined in any Act passed by the Indian Parliament. Mode of committing cyber crime Virus / worm/Trojans attacksViruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer's memory. E.g. love bug virus, which affected at least 5 % of the computers of the globe. Unauthorized access to computer systems or networks / HackingThis kind of offence is normally referred as hacking in the generic sense. However the framers of the information technology act 2000 have no where used this term so to avoid any confusion we would not interchangeably use the word hacking for ‘unauthorized access’ as the latter has wide connotation. Theft of information This includes information stored in computer hard disks, removable storage media etc. Theft may be either by appropriating the data physically or by tampering them through the virtual medium.
The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. Cyber Pornography 1
This would include pornographic websites; pornographic magazines produced using computers (to publish and print the material) and the Internet (to download and transmit pornographic pictures, photos, writings etc.) Cyber Stalking The Oxford dictionary defines stalking as "pursuing stealthily". Cyber stalking involves following a person's movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails Logic bombs These are event dependent programs. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date Web jacking This term is derived from the term hi jacking. In these kinds of offences the hacker gains access and control over the web site of another. He may even mutilate or change the information on the site. E.g. recently the site of MIT (Ministry of Information Technology) was hacked by the Pakistani hackers and some obscene matter was placed therein. Further the site of Bombay crime branch was also web jacked. Another case of web jacking is that of the ‘gold fish’ case. In this case the site was hacked and the information pertaining to gold fish was changed. Further a ransom of US $ 1 million was demanded as ransom. What type of cyber attack hurts companies most? A recent survey shows the tremendous impact cyber crime is having on companies/organizations in the India.
With that statistic on the rise, it’s easy to understand why sales of security software and hardware have also jumped.
Cyber criminals: The cyber criminals constitute of various groups/ category. This division may be justified on the basis of the object that they have in their mind. The following are the category of cyber criminals1. Children and adolescents between the age group of 6 – 18 years The simple reason for this type of delinquent behaviour pattern in children is seen mostly due to the inquisitiveness to know and explore the things. 2. Organised hackers These kinds of hackers are mostly organised together to fulfil certain objective. The reason may be to fulfil their political bias, fundamentalism, etc. Further the NASA as well as the Microsoft sites is always under attack by the hackers. 3. Professional hackers / crackers Their work is motivated by the color of money. These kinds of hackers are mostly employed to hack the site of the rivals and get credible, reliable and valuable information. 4. Discontented employees This group include those people who have been either sacked by their employer or are dissatisfied with their employer. To avenge they normally hack the system of their employee. 3
Status of Cyber crime Back in 1990, less than 100,000 people were able to log on to the Internet worldwide. Now around 500 million people are using the net around the globe. UK has the largest number of infected computers in the world followed by the US and China. The US is the leading source country for attacks. China is second and Germany is third. In India : During 2003, a total of 411 cases were registered under IPC Sections as compared to 738 such cases during 2002 thereby reporting a significant decline of 44 percent in 2003 over 2002. A total of 475 persons were arrested in the country for Cyber Crimes under IPC during 2003. The age-wise profile of the arrested persons showed that 45 percent were in the age-group of 3045 years, 28.5 percent of the offenders were in the age-group of 45-60 years and 11 offenders were aged 60 years and above. Above figures doesn't mean that cyber crime is declining in India , the fact is that people in our country do not report cyber crimes for the following reasons: i)They don't want to face harassment by the police. ii)The fear of bad publicity which could hurt their reputation in society. Also, iii)It becomes extremely difficult to convince the police to register any cyber crime, because of lack of awareness about cyber crimes and their registration and handling by the police. A recent survey indicates that for every 500 cyber crime incidents that take place, only 50 are reported to the police and out of that only one is actually registered. These figures indicate how difficult it is to convince the police to register a cyber crime. We must control the cyber crime problem and make the Internet a safe place for its users.
ETHICS IN COMPUTER EDUCATION Generally speaking, ethics is the set of rules for determining moral standards or what is considered as socially acceptable behaviours. Today, many computer users are raising questions on what is and is not ethical with regard to activities involving information technology. Obviously, some general guidelines on ethics are useful responsibly in their application of information technology. General guidelines on computer ethics are needed for: Protection of personal data Computer Crime Cracking These are serious ethical issues since it involves invasion of privacy, people’s privilege would be violated and that the integrity of the data is also questionable. Feasible solutions to Prevent hackers: an ethical & social issue A firewall is a hardware or software device which is configured to permit, deny, or proxy data through a computer network, can be used to prohibit unauthorized members, such as hackers from entering a network. Biometrics is also a solution. A school network can implement fingerprint recognition, facial recognition, or voice recognition to authenticate users. Hence, any unauthorized members would be rejected to access the computer database. 4
<<= Picture of a firewall
Picture of facial recognition =>
Cyber Crime may have disastrous consequences on the economy of the country. Organizations & individuals may cause extensive losses at the hands of cyber criminals. It is therefore imperative to deal with the various ways in which cyber crime can be prevented. Prevention is always better than cure. It is always better to take certain precaution while operating the net
The development of modern conveniences has brought us many benefits, it also caused several major problems. Storing data collection in a computerized format allows teachers and students to access particular information easily by the use of IT methods, However, the drawback is that the data is at risk, since cybercrime is so common in this day and age. It is important the people know what they are doing with their computers, they should not be using peer-to-peer software, or downloading illicit material, reason being: a) they might get a virus or become hacked. b) it's unethical!. If people take responsibility and use the computer appropriately, the effects of the problems can be reduced to a minimum. It is possible if there is: 1) Education & awareness Many private & government schools educate students in relation to computers and present subjects in respect of information technology. It is important that young persons should be educated in respect of computer ethics at school level. Many hackers & cyber criminals have some training in the field of information technology. The training of students at universities in these fields should include the teaching of ethics & values.1 A netizen 2 should keep in mind the following things1. To prevent cyber stalking avoid disclosing any information pertaining to oneself. This is as good as disclosing your identity to strangers in public place.
2. Always avoid sending any photograph online particularly to strangers and chat friends as there have been incidents of misuse of the photographs. 3. Always use latest and up date anti virus software to guard against virus attacks. 4. Always keep back up volumes so that one may not suffer data loss in case of virus contamination 5. Never send your credit card number to any site that is not secured, to guard against frauds. 6. Always keep a watch on the sites that your children are accessing to prevent any kind of harassment or depravation in children. 7. It is better to use a security programme that gives control over the cookies and send information back to the site as leaving the cookies unguarded might prove fatal. 8. web site owners should watch traffic and check any irregularity on the site. Putting host-based intrusion detection devices on servers may do this. 9. use of firewalls may be beneficial. 10 Web servers running public sites must be physically separate protected from internal corporate network.
Also see R A Coldwell Hacking into computer systems, anomie and computer education (1998) Acta Criminologica Vol. 11 No 1 17-18.
2) Information Technology Security Security should be directed at organizational level. At organizational level, the main frame of the computer system as well as the important physical areas should be secure against intrusion. 3 3) Detection and reporting Corporations are sometime reluctant to report cyber offences and computer related fraud 4. A whistle blowing system to report any cyber crimes should be implemented.
4) International cooperation Cyber crime is a global problem & it often has global implications. The effective cooperation between countries in respect of detection, investigation & prosecution of a cyber crime will be effective to prevent cyber crime. Course in Cyber Law in India There are many Cyber Law College conducts regular and correspondence courses in Cyber Law. They provide services in Cyber Law Compliancy Audit ,consultancy for E-Business, consultancy for protecting IPR on Cyber Properties including Patenting of Software, assisting Lawyers in Cyber crime cases and Cyber Evidence Certification,etc.Following is the list of institutions who conducts the courses in cyber law :.: Regular Course: Name Of Institute 1 IIIT Allahbad master program in cyber law and 2 information security. (MPCLIS) 3 Indian Law Institute, New Delhi 4 Mumbai University 5 Asian school Of Cyber Law, Pune 6 Navvi College Of Cyber Law Correspondence Course: Name Of Institute 1 Nalsar law university of hyderabad 2 ICFAI Hyderabad 3 Asian school Of Cyber Law, Pune 4 Mumbai University
WebSite http://pgd.iiita.ac.in/ http://mpclis.iiita.ac.in/ http://www.ilidelhi.org http://www.glc.edu/cyber.asp http://www.asianlaws.org http://naavi.org/ WebSite http://www.nalsarlawuniv.org http://www.icfai.org http://www.asianlaws.org http://www.glc.edu/cyber.asp
See Tony Elbra A Practicle Guide to the Computer Misuse Act 1990 (1990) 21 – 26 See Dr Michael Levi Computer fraud in Britain – some research findings (1990-91) The Computer Law & Security Report 6.
Security technologies used by the various organizations- A survey: There was a large variety of security technologies being used among respondents. Usage of Antivirus software was almost universal with 98%. Firewalls were close behind with over 90% either using software or hardware firewalls. Operating system safeguards, such as limits on which users could install software, password complexity requirements, and periodic password changes were used by about half of respondents. Virtual Private Networks (VPNs) proved to be 7
a popular means of achieving security with a 46% response. Advanced techniques such as biometrics (4%) and smartcards (7%) were implemented infrequently; however, it is anticipated that these numbers may increase in future surveys. Organizations used on average 7.8 of the security methods listed. Interestingly, having more security measures did not mean a reduction in attacks. In fact there was a significantly positive correlation between the number of security measures employed and the number of Denial of Service (DoS) attacks. It is likely that organizations that are attractive targets of attacks are also most likely to both experience attack attempts and to employ more aggressive computer security measures. Also, organizations employing more technologies would likely be better able to be aware of computer security incidents aimed at their organizations
S ecurity technologies used by various organizations in India
A tiv s Softw n iru are
120 Security technologies 100 80 60 40 20 0 P rce ge e nta
Firew alls A tispamS n oftw are A tispy are Softw n w are Lim onw ichu its h sers canin stall softw are A ccess C trol Lists (serv based) on er Py h sical Secu rity P eriodic R ired Passw equ ord C an h ges V s PN P assw C plex R irem ts ord om ity equ en E cry n pted Login E cry n pted Files (for tran sfer) W ebsite Con t Filterin ten g In sion tru Prev tion en /DetectionSy stem E cry n pted Files (for storage) S artcards (card, PCM IA, U m C SB, etc.) B etrics iom O ers th
Capacity of human mind is unfathomable. We would conclude that it is not possible to eliminate cyber crime from the cyber space. It is quite possible to check them. History is the witness that no legislation has succeeded in totally eliminating crime from the globe. The only possible step is to make people aware of their rights and duties (to report crime as a collective duty towards the society) and further making the application of the laws more stringent to check crime. Undoubtedly the Act is a historical step in the cyber world. Further We all together do not deny that there is a need to bring changes in the Information Technology Act to make it more effective to combat cyber crime.
REFERENCES:  Wm. Arthur Conklin,Gregory B. White, ChunkCothren,Dwayne Williams,Roger L.Davis,”Principle ofcomputer security”.  Anton Chuvakin and Cyrus Peikari,”Protect yourselfAgainst Denial-of-Service Attacks”, O’REILLY Windows  Flexi Mohan,CEO- SecureSynergy posted on 31 october 2003 ”Future of Wireless LAN Security”  Mark Grimes, Distributed Denial of Service Attacks (DDoS): Threats and Safeguards.  Avleen Viq,”Preventing Denjal of Service Attacks”, 24Pth PJune 2004 O’REILLY
http://www.reportcybercrime.com http://www.naavi.org http://homepage.cs.uri.edu/faculty/wolfe/cf www.spamlaws.com www.netsmartz.org http://www.dcfl.gov/dc3/home.htm http://www.reportcybercrime.com/statusofcybercrime.php