What is Cybercrime?

Defined as "any crime that is committed using a computer network or hardware device".

Type 1 cybercrime

Usually a single event from the perspective of the victim.

An example would be where the victim unknowingly downloads a Trojan horse virus, which installs a keystroke logger on his or her machine. The keystroke logger allows the hacker to steal private data such as internet banking and email passwords.

Phishing. This is where the victim receives a supposedly legitimate email (quite often claiming to be a bank or credit card company) with a link that leads to a hostile website. Once the link is clicked, the PC can then be infected with a virus.

Hackers often carry out Type 1 cybercrime by taking advantage of flaws in a web browser to place a Trojan horse virus onto the unprotected victims

Any cybercrime that relates to theft or manipulation of data or services via hacking or viruses, identity theft, and bank or e-commerce fraud.

Type 2 cybercrime

Type 2 cybercrime tends to be much more serious and covers things such as cyberstalking and harassment, child predation, extortion, blackmail, stock market manipulation, complex corporate espionage, and planning or carrying out terrorist activities.

It is generally an on-going series of events, involving repeated interactions with the target. For example, the target is contacted in a chat room by someone who, over time, attempts to establish a relationship. Eventually, the criminal exploits the relationship to commit a crime. Or, members of a terrorist cell or criminal organization may use hidden messages to communicate in a public forum to plan activities or discuss money laundering locations, for example.

More often than not, it is facilitated by programs that do not fit under the classification crimeware. For example, conversations may take place using IM (instant messaging) clients or files may be transferred using

Types of Attacks that Cyber Criminals use to commit crimes:

1. Botnet - a network of software robots, or bots, that automatically spread malware
2. Fast Flux - moving data quickly among the computers in a botnet to make it difficult to trace the source of malware or phishing websites
3. Zombie Computer - a computer that has been hacked into and is used to launch malicious attacks or to become part of a botnet
4. Social Engineering - a tactic used by cyber criminals that uses lies and manipulation to trick people into revealing their personal information. Social engineering attacks frequently involve very convincing fake stories to lure victims into their trap. Common social engineering attacks include:
   - Sending victims an email that claims there's a problem with their account and has a link to a fake website. Entering their account information into the site sends it straight to the cyber criminal
   - Trying to convince victims to open email attachments that contain malware by claiming it is something they might enjoy (like a game) or need (like anti-malware software)
   - Pretending to be a network or account administrator and asking for the victim's password to perform maintenance
   - Claiming that the victim has won a prize but must give their credit card information in order to receive it
   - Asking for a victim's password for an Internet service and then using the same password to access other accounts and services since many people re-use the same password
   - Promising the victim they will receive millions of dollars, if they will help out the sender by giving them money or their bank account information
5. Denial-of-Service attacks - flooding a network or server with traffic in order to make it unavailable to its users
6. Skimmers - Devices that steal credit card information when the card is swiped through them. This can happen in stores or restaurants when the card is out of the owner's view, and frequently the credit card information is then sold online through a criminal community.

Types of Cyber Criminals

White hat Hackers

They are specialized in testing the security of their clients' information systems. For a fee, they will attempt to hack into a company's network and then present the company with a report detailing the existing security holes and how those holes can be fixed. The term "white hat" in Internet slang refers to an ethical hacker. This classification also includes individuals who perform penetration tests and vulnerability assessments within a contractual agreement.

Black hat Hackers

They use their computer expertise to break into systems and steal information illegally. Black hat hackers form the stereotypical, illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal". Black hat hackers break into secure networks to destroy, modify, or steal data; or to make the network unusable for those who are authorized to use the network. Black hat hackers are also referred to as the "crackers" within the security industry and by modern programmers.

Grey hat Hackers

When these hackers-turned-good-guys want to come clean and turn away from crime, one option is to work for the people they used to torment, by becoming a security consultant. A grey hat hacker may surf the Internet and hack into a computer system for the sole purpose of notifying the administrator that their system has a security defect, for example. They may then offer to correct the defect for a fee. Grey hat hackers sometimes find the defect of a system and publish the facts to the world instead of a group of people.

Elite hacker

A social status among hackers, elite is used to describe the most skilled. Newly discovered exploits circulate among these hackers.

Script kiddie

A script kiddie (also known as a skid or skiddie) is an unskilled hacker who breaks into computer systems by using automated tools written by others (usually by other black hat hackers), hence the term script (i.e. a prearranged plan or set of activities) kiddie (i.e. kid, child: an individual lacking knowledge and experience, immature), usually with little understanding of the underlying concept.

A neophyte ("newbie", or "noob") is someone who is new to hacking or phreaking and has almost no knowledge or experience of the workings of technology and

A hacktivist is a hacker who utilizes technology to publicize a social, ideological, religious or political message. Hacktivism can be divided into two main groups:

- Cyberterrorism: Activities involving website defacement or denial-of-service attacks; and,
- Freedom of information: Making information that is not public, or is public in non-machine-readable formats, accessible to the public.

Nation state

Intelligence agencies and cyberwarfare operatives of nation states.

Organized criminal gangs

Groups of hackers that carry out organized criminal activities for profit.

What is Computer Virus?

- small software programs that are designed to spread from one computer to another and to interfere with computer operation
- a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes
- can also replicate themselves
- all computer viruses are man-made
- can make a copy of itself over and over again
- is dangerous because it will quickly use all available memory and bring the system to a halt
- capable of transmitting itself across networks and bypassing security systems
- might corrupt or delete data on your computer, use your email program to spread itself to other computers, or even erase everything on your hard disk
- often spread by attachments in email messages or instant messaging messages
- can be disguised as attachments of funny images, greeting cards, or audio and video files

Types of Computer Viruses

Resident vs. non-resident viruses

A memory-resident virus (or simply "resident virus") installs itself as part of the operating system when executed, after which it remains in RAM from the time the computer is booted up to when it is shut down. Resident viruses overwrite interrupt handling code or other functions, and when the operating system attempts to access the target file or disk sector, the virus code intercepts the request and redirects the control flow to the replication module, infecting the target. In contrast, a non-memory-resident virus (or "non-resident virus"), when executed, scans the disk for targets, infects them, and then exits (i.e. it does not remain in memory after it is done executing).

Macro viruses

Many common applications, such as Microsoft Outlook and Microsoft Word, allow macro programs to be embedded in documents or emails, so that the programs may be run automatically when the document is opened. A macro virus (or "document virus") is a virus that is written in a macro language, and embedded into these documents so that when users open the file, the virus code is executed, and can infect the user's computer. This is one of the reasons that it is dangerous to open unexpected attachments in e-mails.

Boot sector viruses

Boot sector viruses specifically target the boot sector/Master Boot Record (MBR) of the host's hard drive or removable storage media (flash drives, floppy disks, etc.).

Self-modification

Most modern antivirus programs try to find virus-patterns inside ordinary programs by scanning them for so-called virus signatures. Unfortunately, the term is misleading, in that viruses do not possess unique signatures in the way that human beings do. Such a virus signature is merely a sequence of bytes that an antivirus program looks for because it is known to be part of the virus. A better term would be "search strings". Different antivirus programs will employ different search strings, and indeed different search methods, when identifying viruses. If a virus scanner finds such a pattern in a file, it will perform other checks to make sure that it has found the virus, and not merely a coincidental sequence in an innocent file, before it notifies the user that the file is infected. The user can then delete, or (in some cases) "clean" or "heal" the infected file. Some viruses employ techniques that make detection by means of signatures difficult but probably not impossible. These viruses modify their code on each infection. That is, each infected file contains a different variant of the virus.

Encrypted viruses

One method of evading signature detection is to use simple encryption to encipher the body of the virus, leaving only the encryption module and a cryptographic key in cleartext. In this case, the virus consists of a small decrypting module and an encrypted copy of the virus code. If the virus is encrypted with a different key for each infected file, the only part of the virus that remains constant is the decrypting module, which would (for example) be appended to the end. In this case, a virus scanner cannot directly detect the virus using signatures, but it can still detect the decrypting module, which still makes indirect detection of the virus possible. Since these would be symmetric keys, stored on the infected host, it is in fact entirely possible to decrypt the final virus, but this is probably not required, since self-modifying code is such a rarity that it may be reason for virus scanners to at least flag the file as suspicious.

Some viruses will employ a means of encryption inside an executable in which the virus is encrypted under certain events, such as the virus scanner being disabled for updates or the computer being rebooted. This is called Cryptovirology.

Polymorphic code

Just like regular encrypted viruses, a polymorphic virus infects files with an encrypted copy of itself, which is decoded by a decryption module. In the case of polymorphic viruses, however, this decryption module is also modified on each infection. A well-written polymorphic virus therefore has no parts which remain identical between infections, making it very difficult to detect directly using signatures. Antivirus software can detect it by decrypting the viruses using an emulator, or by statistical pattern analysis of the encrypted virus body. To enable polymorphic code, the virus has to have a polymorphic engine (also called mutating engine or mutation engine) somewhere in its encrypted body. See polymorphic code for technical detail on how such engines operate.

Some viruses employ polymorphic code in a way that constrains the mutation rate of the virus significantly. For example, a virus can be programmed to mutate only slightly over time, or it can be programmed to refrain from mutating when it infects a file on a computer that already contains copies of the virus.

There has also been a virus called the undetectable virus (proposed by Yongge Wang). The undetectable virus is one kind of polymorphic virus that is static signature-free and whose dynamic signatures are hard to determine unless some cryptographic assumption fails.

Metamorphic code

To avoid being detected by emulation, some viruses rewrite themselves completely each time they are to infect new executables. Viruses that utilize this technique are said to be metamorphic. To enable metamorphism, a metamorphic engine is needed. A metamorphic virus is usually very large and complex. For example, W32/Simile consisted of over 14,000 lines of assembly language code, 90% of which is part of the metamorphic engine.
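
The search-string scanning described under "Self-modification" and the indirect detection described under "Encrypted viruses" can be seen from the scanner's side in the following added example, which is not part of the original handout. All byte strings, labels, the file layout and the 4-byte key size are constructed assumptions, and repeating-key XOR stands in for the "simple encryption".

```python
# Constructed, harmless stand-ins; no real malware bytes appear anywhere.
HOST = b"MZ" + b"ordinary program text and data. " * 6
BODY = b"HARMLESS-DEMO-BODY: " + b"copy self; " * 16
STUB = b"\x90DEMO-DECRYPT-STUB\x90"   # the constant "decrypting module"
KEY_LEN = 4                           # assumed key size for this demo

# Search strings: byte sequences a scanner looks for, keyed by a label.
SEARCH_STRINGS = {"demo.body": BODY[:20], "demo.stub": STUB}


def xor_bytes(data, key):
    """Repeating-key XOR, standing in for the 'simple encryption'."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_sample(key=None):
    """Host file with the body appended, enciphered when a key is given."""
    if key is None:
        return HOST + BODY
    # Layout assumed here: host | enciphered body | stub | key in cleartext
    return HOST + xor_bytes(BODY, key) + STUB + key


def scan(data):
    """Return the labels of every search string present in data."""
    return {name for name, sig in SEARCH_STRINGS.items() if sig in data}


def recover_body(data):
    """Find the stub, read the key stored after it, decrypt the body."""
    at = data.index(STUB)
    key = data[at + len(STUB):at + len(STUB) + KEY_LEN]
    return xor_bytes(data[len(HOST):at], key)


def scan_deep(data):
    """Scan, and when the stub is found also scan the decrypted body."""
    hits = scan(data)
    if "demo.stub" in hits:
        hits |= scan(recover_body(data))
    return hits


if __name__ == "__main__":
    for label, key in [("plain", None), ("key A", b"\xa5\xc3\x97\x88"),
                       ("key B", b"\xd1\x8e\xb7\xf4")]:
        sample = make_sample(key)
        print(label, sorted(scan(sample)), sorted(scan_deep(sample)))
```

With either key the body search string no longer matches, but the constant stub does, and decrypting with the key stored beside it lets the body search string match again.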