
Ministry of Education and Science of Ukraine

State University of Telecommunications


Department of Information and Cyber Security

Report on the topic:


“Ways of combating computer crime”

Completed by: student of group BSD-34:


Cherneha S. O.
Gmail: rhinemoow@gmail.com

Kyiv 2020
Contents
Introduction
1. Main part
1.1 Types of Cybercrime
1.2 Combating computer crime
Summary
List of used literature
Glossary of computer terms
Annotation

Introduction

Cybercrime is a significant challenge to society, but it can be particularly
harmful to the individuals who become victims. This chapter engages in a
comprehensive and topical analysis of the cybercrimes that target individuals. It also
examines the motivation of criminals that perpetrate such attacks and the key human
factors and psychological aspects that help to make cybercriminals successful. Key
areas assessed include social engineering (e.g., phishing, romance scams, catfishing),
online harassment (e.g., cyber-bullying, trolling, revenge porn, hate crimes), identity-
related crimes (e.g., identity theft, doxing), hacking (e.g., malware, cryptojacking,
account hacking), and denial-of-service crimes. As a part of its contribution, the
chapter introduces a summary taxonomy of cybercrimes against individuals and a
case for why they will continue to occur if concerted interdisciplinary efforts are not
pursued.

1. Main part
1.1 Types of Cybercrime

At its core, there are arguably three types of cybercrime: crimes in the device,
crimes using the device, and crimes against the device. Crimes in the device relate to
situations in which the content on the device may be illegal or otherwise prohibited.
Examples include trading and distribution of content that promotes hate crimes or
incites violence. The next category, crimes using the device, encompasses crimes
where digital systems are used to engage, and often to deceive, victims. An example
of this is a criminal pretending to be a legitimate person (or entity) and tricking an
individual into releasing their personal details (e.g., account credentials) or
transferring funds to other accounts. Wall’s final category, crimes against the device,
pertains to incidents that compromise the device or system in some way. These
crimes directly target the fundamental principles of cybersecurity, i.e., the
confidentiality, integrity, and availability (regularly referred to as the CIA triad) of
systems and data. This typology provides some general insight into the many crimes
prevalent online today.
This chapter aims to build on the introduction to cybercrime and security issues
online and focus in detail on cybercrimes conducted against individuals. It focuses on
many of the crimes being conducted today and offers a topical discourse on how
criminals craft these attacks, their motivations, and the key human factors and
psychological aspects that make cybercriminals successful. Areas covered include
social engineering (e.g., phishing, romance scams, catfishing), online harassment
(e.g., cyberbullying, trolling, revenge porn, and hate crimes), identity-related crimes
(e.g., identity theft and doxing), hacking (e.g., malware and account hacking), and
denial-of-service (DoS) crimes.
Social Engineering and Online Trickery
Trickery, deceit, and scams are examples of some of the oldest means used by
adversaries to achieve their goals. In Greek mythology, the Greek army used deceit in the
form of a Trojan horse; presented to the Trojans as a gift (or more specifically, an
offering to Athena, goddess of war), it was instead a means for the Greek army to
enter and destroy the city of Troy. Additionally, in The Art of War, fifth-century BCE
Chinese military strategist Sun Tzu declares, “Hence, when able to attack, we must
seem unable; when using our forces, we must seem inactive; when we are near, we
must make the enemy believe we are far away; when far away, we must make him
believe we are near” [1]. According to this well-known text on war, the intention is to
deceive and, ideally, to misdirect, while discreetly progressing towards and obtaining
the goal: in Sun Tzu’s case, winning against the enemy in battle.
Cybercriminals, potentially informed by history itself, have been applying such
techniques for decades to Social Engineering, a specific class of cybercrime that uses
deception or trickery to manipulate individuals into performing some unauthorized or
illegitimate task. It seeks to exploit human psychology and is possibly the most
effective means of conducting a crime against an individual.
In one example, a social engineer breaks into an individual’s cell-phone provider
account in under two minutes. This was achieved by phoning the cell-phone
provider’s help desk, pretending to be the customer’s wife (impersonation is typically a
core component of this crime), and using an audio recording of a crying baby (under
the guise of it being her baby) to elicit sympathy from the help desk employee. Here,
the social engineer used some basic information (i.e., knowing the customer’s name),
sympathy, and the fact that a help desk is primarily supposed to provide assistance, to
manipulate the help desk to grant her unauthorized access to a client account. There
are numerous other similar types of attacks, and entire books and training courses on
the topic (e.g., at the well-known hacking conference, BlackHat).
Phishing and Its Variants
Phishing is a specific type of social engineering crime that occurs using
electronic communications, such as an email or a website. In it, criminals send an
email, or create a website, that appears to be from a legitimate entity with the
intention of conning individuals into divulging some sensitive information or
performing a particular action. Today there are many different variants of phishing,
including spear-phishing, vishing, smishing (or SmShing), and whaling. Spear-
phishing is a targeted phishing attack on an individual that has been customized based
on other key and pertinent information, such as their date of birth, current bank,
Internet service provider, or email address. This additional information is used to
enhance the appearance of legitimacy and thereby increase the effectiveness of the
con. Spear-phishing is held to be the reason for several well-known crimes including
“Celebgate”, where private photographs of actresses Jennifer Lawrence, Kate Upton,
and Scarlett Johansson were stolen and later exposed online. The terms vishing and
smishing represent phishing attacks that occur over the phone (i.e., voice), and via
text messages (especially SMS, but including WhatsApp, etc.) respectively. These
often overlap with traditional phone scams but may also be used in combination with
email phishing attempts. Whaling is very similar to spear-phishing but targets high-
profile individuals (the notion being that a whale is a “big phish”) such as company
executives, with the goal of a higher payoff for criminals if the attack is successful.
The success of phishing attacks over the last decade has been phenomenal. To take
the UK as an example, the City of London Police’s National Fraud Intelligence
Bureau (NFIB) and the Get Safe Online security awareness campaign estimated that
in 2015 alone, phishing scams cost victims £174 million. Moreover, Symantec [2]
estimates that spear-phishing emails as a category in themselves have drained $3
billion from businesses over the last three years. These estimates are likely to
increase, as are the various ways in which criminals have targeted individuals.
Online Scams - Tech Support, Romance, and Catfishing

In addition to phishing, online scams are also worth mentioning. Scams also
involve trickery and deceit and typically have financial gain as the prime motive. One
prominent example of the now common series of “tech support” scams is that of a
global con uncovered in 2017. There, criminals purchased pop-up browser
advertisements which appeared on victims’ computer screens and locked their
browsers. These pop-ups inaccurately informed individuals that their computers were
compromised and that they should call the tech support company for assistance.

Reports indicate that over 40,000 people across the globe were victimized and
defrauded out of more than 25 million USD. These criminals were using a series of
fear tactics to deceive individuals, many of whom were elderly and potentially more
vulnerable.

Romance scams are also rampant on the Internet via online dating websites.
Here, criminals seek to engage in faked and extensive relationships, again, usually for
financial gain. Their technique involves preying on vulnerable individuals seeking
romance and love and exploiting them under the guise of a relationship. Research has
studied these scams from a variety of perspectives, including understanding their
prevalence and their impact on victims [3]. A noteworthy finding for our work on
cybercrimes and individuals is that while financial losses may be incurred by victims,
it is often the loss of the relationship that was more upsetting and psychologically
traumatic. Catfishing is another variant of the common romance scam where fake,
online identities and potentially, even social groupings are created to lure individuals
into romantic relationships. Similar to traditional scams, the goal may be for financial
gain, but notoriety may also be considered as a motive.

Identity-Related Cybercrime
Identity theft and identity fraud are traditional crimes that have flourished due to
online systems and the open nature of the Internet. While the theft of identities by
criminals is enabled due to the amount of information on individuals online, fraud
becomes possible when that information is used for monetary gain (e.g., impersonating
the individual to purchase an item).
Identity theft works by criminals gathering information on individuals and using
that as the basis through which to steal their identities. Today, there are two
information-gathering techniques preferred by cybercriminals: the monitoring of
individuals on social media as they post and interact online, and the gathering and use
of personal data from previous online security breaches. The first of these techniques
exploits a factor previously mentioned that pertains to phishing, i.e., the tendency to
overshare, but also the poor management of security and privacy online. A
noteworthy study by fraud prevention organization Cifas found that Twitter,
Facebook, and LinkedIn are now prime hunting grounds used by identity thieves;
these networks contain an abundance of personal details, from birth dates and family
member details to addresses, school histories, and job titles.

Hacking: The Dark Art

Hacking is one of the most traditional forms of cybercrime and involves
activities that result in the compromise of computing systems or digital information.
By compromise, this chapter refers specifically to the detrimental impact of these
actions on the confidentiality and integrity of systems and data. As such, hacking can
refer to corporate or personal data (e.g., a person’s photo album) being exposed, or
accessed by, unintended parties; the unauthorized modification or deletion of that
data (with or without the knowledge of the individual); or computer systems being
disrupted from functioning as intended.
There is a plethora of crimes that can be labeled as hacking. The most topical
threat in this domain, however, is arguably that of malware. Malicious software (or
malware) describes applications developed and used by criminals to compromise the
confidentiality or integrity of systems and information. The cost of managing
malware alone for U.K. organizations in a 2016 study totaled £7.5 billion. This has
been matched by an even more drastic increase in the amount of malware
applications and variants deployed by criminals. For instance, in 2017, Symantec
reported a threefold increase in new malware families online, while in 2018 there was
an 88% increase in new malware variants. The most popular types of malware that
impact individuals are viruses, worms, Trojan horses, and spyware.
Viruses are programs that replicate when executed and spread to other files and
systems. They are known for attaching themselves to other programs. The Melissa
virus is one of the most famous viruses in history. It was implemented as a Microsoft
Word macro virus that once opened by an unwitting individual, automatically
distributed itself via email to the first 50 people in that individual’s contact list. As these emails
were opened and the document was accessed, the virus would spread even further,
infecting more computers, and generating thousands of unsolicited emails. A unique
characteristic of Melissa (and many of the viruses it has since inspired) was that its
success and the continued spread of the virus exploited human psychology.
Specifically, it targeted individuals’ friendships, i.e., sending to contacts, thereby
hijacking existing trust relationships, and also used trickery by referencing a
document that was supposedly requested and allegedly secretive.
Worms are similar to viruses but they are standalone and do not need to be
attached to a file. The prime purpose of worms is to self-replicate especially to other
computers on the network (e.g., a home, university, or public network). As a result of
their purpose, worms tend to vastly consume system resources (e.g., a computer’s CPU
and memory, and a network’s bandwidth), thus slowing down computers and network
speeds. Examples of recorded computer worms include Blaster, which would also
cause the user’s computer to shut down or restart repeatedly, ILOVEYOU, and the
Daprosy worm.
Trojan horses, as the name suggests, are programs that appear legitimate but
have another core purpose, which commonly is acting as a back door into computers
or systems (most notably, Remote-Access Trojans (RATs)). These malware variants
can allow cybercriminals to circumvent security mechanisms to gain unauthorized
access into systems. This access may be used to steal files, monitor individuals, or to
employ the computer as a proxy for a larger attack. For example, personal
information and files (e.g., photo albums, information on finances, private diaries,
saved passwords) may be accessed and leaked online, or criminals may remotely turn
on web cameras to spy on and take photos of individuals. The latter could
lead to sextortion. Furthermore, computers could be used as a platform to launch
cyber-attacks against other systems. This is similar to the recent case of the DoS
attack on DNS provider, Dyn, where IoT devices from within homes and
organizations across the world aided in disrupting access to hundreds of popular
websites [41].
Account and Password Hacking
Beyond malware, the hacking of online accounts (e.g., Facebook, Gmail,
Government portals, paid services) and user passwords is a significant challenge
faced by individuals. This is due to a variety of techniques being applied by
cybercriminals, many of which are now even automated. One popular approach to
hacking an individual’s account is through the stealing of their username and
password credentials. Criminals typically achieve this via shoulder surfing (i.e.,
looking over someone’s shoulder while they are entering their password), and
cybercriminals also focus on installing malware on the victim’s computer that logs all
keys typed (also known as a keylogger) or applying social engineering techniques.
Password guessing is another way in which cybercriminals can gain illegitimate
access to individuals’ accounts. Informed guessing is the most successful technique
and is where criminals use prior information to guess account credentials or infer
details that would allow them to reset user accounts. Such information can be readily
gathered from social media profiles (e.g., hobbies, pets, sports teams, mother’s maiden
name, family member names, and dates of birth), which is why it is important for
individuals to be wary of what they share online. Another avenue used by
cybercriminals is that of previously breached passwords. Given the number of data
breaches that have occurred over the last few years as discussed earlier and the
tendency of individuals to reuse passwords across sites, criminals have the perfect
platform to amass sensitive user data and existing credentials. Research has
investigated this reality and demonstrated the various ways in which hackers can
reuse and guess passwords with some degree of success using this prior knowledge
[4].
Dictionary attacks, where words from the dictionary are used to form potential
passwords, are also a common password hacking technique. Here, cybercriminals
look to exploit poorly created passwords based on dictionary words. One unique
aspect of these attacks is that they can be automated using hacking tools such as John
the Ripper, Cain and Abel, and L0phtCrack. The availability of these tools, and the
fact that they require little expertise yet combine several different password crackers
into one packaged application, provides cybercriminals with a significant advantage.
That is, up-skilling and increasing the scale of attacks is much easier than
before and thus less of a barrier to conducting crime.
To exacerbate this issue, there are many common, weak passwords in use by
individuals. A study of 10 million passwords sourced from data breaches that
occurred in 2016 highlighted several key points: firstly, the top five common
passwords used by individuals were 123456, 123456789, qwerty, 12345678, and
111111; secondly, 17% of users had the password “123456”; thirdly, the list of most
frequently used passwords has demonstrated little change over the last few years; and
finally, nearly half of the top 15 passwords are six characters or shorter. Fortune
Magazine recently reported that many of these same issues occurred again in 2017.
One inference that might be made from these findings is that users prefer to maintain
simple and memorable passwords. This is hardly a surprise as security is often known
to crumble when placed in conflict with usability, and after all, humans favor
consistency and are known to be creatures of habit. For hackers, however, such weak
and common passwords are ideal, and can be guessed extremely quickly, thus placing
users at risk of account takeovers.
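
The weaknesses described above (the most common breached passwords, dictionary words with simple substitutions, and passwords inferred from social-media details) can be screened out at the moment a password is set. The following Python code is an added example, not part of the original report; the word lists, the 12-character minimum, the function names and the sample profile are constructed assumptions.

```python
import re
import unicodedata

# Constructed stand-in for a breached-password corpus: the five most common
# passwords quoted in the text above.
COMMON_PASSWORDS = {"123456", "123456789", "qwerty", "12345678", "111111"}

# Constructed stand-in for the word list a dictionary attack would try.
DICTIONARY_WORDS = {"password", "dragon", "football", "sunshine", "welcome"}

# Character substitutions that cracking rule sets undo automatically.
LEET = str.maketrans("013457@$!", "oleastasi")

MIN_LENGTH = 12  # assumption: policy minimum, not a figure from the report

EDGE_JUNK = re.compile(r"^[^a-z]+|[^a-z]+$")


def fold(text):
    """Lower-case and strip accents so visually similar strings compare equal."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()


def root_forms(password):
    """Forms of the password that a rule-based dictionary attack would reach."""
    low = fold(password)
    stripped = EDGE_JUNK.sub("", low)  # 'dragon2017!' -> 'dragon'
    return {
        low,
        low.translate(LEET),
        stripped,
        stripped.translate(LEET),      # 'p@ssw0rd' -> 'password'
        EDGE_JUNK.sub("", low.translate(LEET)),
    }


def profile_tokens(profile):
    """Guessable fragments from public profile data (names, pets, dates)."""
    words, numbers = set(), set()
    for value in profile.values():
        for token in re.findall(r"[^\W_]+", fold(value)):
            if token.isdigit():
                numbers.add(token)
            elif len(token) >= 3:
                words.add(token)
    # Dates are usually typed as DDMM, MMDD or YYYY: build those fragments.
    short = sorted(n for n in numbers if len(n) == 2)
    combos = {a + b for a in short for b in short if a != b}
    return words, {n for n in numbers if len(n) >= 4} | combos


def screen_password(password, profile=None):
    """Return the reasons a password should be rejected (empty list = accept)."""
    reasons = []
    forms = root_forms(password)
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    if forms & COMMON_PASSWORDS:
        reasons.append("known_breached")
    if forms & DICTIONARY_WORDS:
        reasons.append("dictionary_word")
    if profile:
        words, numbers = profile_tokens(profile)
        if any(w in f for w in words for f in forms):
            reasons.append("contains_personal_word")
        if any(n in password for n in numbers):
            reasons.append("contains_personal_date")
    return reasons
```

In a real deployment the two constructed sets would be replaced by a full breached-password corpus and a language dictionary; the checks themselves stay the same.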

1.2 Combating computer crime

It is difficult to find and combat cyber crime's perpetrators due to their use of the
internet in support of cross-border attacks. Not only does the internet allow people to
be targeted from various locations, but the scale of the harm done can be magnified.
Cyber criminals can target more than one person at a time. The availability of virtual
spaces to public and private sectors has allowed cybercrime to become an everyday
occurrence. In 2018, The Internet Crime Complaint Center received 351,937
complaints of cybercrime, which led to $2.7 billion lost.

Investigation

A computer can be a source of evidence (see digital forensics). Even where a
computer is not directly used for criminal purposes, it may contain records of value to
criminal investigators in the form of a logfile. In most countries Internet Service
Providers are required, by law, to keep their logfiles for a predetermined amount of
time. For example: a Europe-wide Data Retention Directive (applicable to all EU
member states) states that all e-mail traffic should be retained for a minimum of 12
months.
There are many ways for cybercrime to take place, and investigations tend to
start with an IP Address trace; however, that is not necessarily a factual basis upon
which detectives can solve a case. Different types of high-tech crime may also
include elements of low-tech crime, and vice versa, making cybercrime investigators
an indispensable part of modern law enforcement. Methods of cybercrime detective
work are dynamic and constantly improving, whether in closed police units or in
international cooperation frameworks.
In the United States, the Federal Bureau of Investigation (FBI) and the
Department of Homeland Security (DHS) are government agencies that combat
cybercrime. The FBI has trained agents and analysts in cybercrime placed in their
field offices and headquarters. Under the DHS, the Secret Service has a Cyber
Intelligence Section that works to target financial cyber crimes. They use their
intelligence to protect against international cybercrime. Their efforts work to protect
institutions, such as banks, from intrusions and information breaches. Based in
Alabama, the Secret Service and the Alabama Office of Prosecution Services work
together to train professionals in law enforcement through the creation of The
National Computer Forensic Institute. This institute works to provide "state and local
members of the law enforcement community with training in cyber incident response,
investigation, and forensic examination in cyber incident response, investigation, and
forensic examination".
Due to the common use of encryption and other techniques to hide their identity
and location by cybercriminals, it can be difficult to trace a perpetrator after the crime
is committed, so prevention measures are crucial.
Prevention

The Department of Homeland Security also instituted the Continuous
Diagnostics and Mitigation (CDM) Program. The CDM Program monitors and
secures government networks by tracking and prioritizing network risks, and
informing system personnel so that they can take action [1]. In an attempt to catch
intrusions before the damage is done, the DHS created the Enhanced Cybersecurity
Services (ECS) to protect public and private sectors in the United States. The Cybersecurity
and Infrastructure Security Agency approves private partners that provide
intrusion detection and prevention services through the ECS. An example of one of
these services offered is DNS sinkholing.
Legislation
Due to easily exploitable laws, cybercriminals use developing countries in order
to evade detection and prosecution from law enforcement. In developing countries,
such as the Philippines, laws against cybercrime are weak or sometimes nonexistent.
These weak laws allow cybercriminals to strike from international borders and
remain undetected. Even when identified, these criminals avoid being punished or
extradited to a country, such as the United States, that has developed laws that allow
for prosecution. While this proves difficult in some cases, agencies, such as the FBI,
have used deception and subterfuge to catch criminals. For example, two Russian
hackers had been evading the FBI for some time. The FBI set up a fake computing
company based in Seattle, Washington. They proceeded to lure the two Russian men
into the United States by offering them work with this company. Upon completion of
the interview, the suspects were arrested outside of the building. Clever tricks like
this are sometimes a necessary part of catching cybercriminals when weak legislation
makes it impossible otherwise.
The European Union adopted directive 2013/40/EU. All offences of the
directive, and other definitions and procedural institutions are also in the Council of
Europe's Convention on Cybercrime.
It is not only the US and the European Union who are introducing new measures
against cybercrime. On 31 May 2017, China announced that its new cybersecurity
law takes effect on this date.
Penalties
Penalties for computer-related crimes in New York State can range from a fine
and a short period of jail time for a Class A misdemeanor such as unauthorized use of
a computer up to computer tampering in the first degree which is a Class C felony
and can carry 3 to 15 years in prison.
However, some hackers have been hired as information security experts by
private companies due to their inside knowledge of computer crime, a phenomenon
which theoretically could create perverse incentives. A possible counter to this is for
courts to ban convicted hackers from using the Internet or computers, even after they
have been released from prison – though as computers and the Internet become more
and more central to everyday life, this type of punishment may be viewed as more
and more harsh and draconian. However, nuanced approaches have been developed
that manage cyber offenders' behavior without resorting to total computer or Internet
bans [3]. These approaches involve restricting individuals to specific devices which
are subject to computer monitoring or computer searches by probation or parole
officers.
Awareness
As technology advances and more people rely on the internet to store sensitive
information such as banking or credit card information, criminals increasingly
attempt to steal that information. Cybercrime is becoming more of a threat to people
across the world. Raising awareness about how information is being protected and the
tactics criminals use to steal that information continues to grow in importance.
According to the FBI's Internet Crime Complaint Center in 2014, there were 269,422
complaints filed. With all the claims combined there was a reported total loss of
$800,492,073. But cybercrime does not yet seem to be on the average person's radar.
There are 1.5 million cyber-attacks annually, which means that there are over 4,000
attacks a day, 170 attacks every hour, or nearly three attacks every minute, with
studies showing us that only 16% of victims had asked the people who were carrying
out the attacks to stop. Anybody who uses the internet for any reason can be a victim,
which is why it is important to be aware of how one is being protected while online.
Intelligence
As cybercrime has proliferated, a professional ecosystem has evolved to support
individuals and groups seeking to profit from cybercriminal activities. The ecosystem
has become quite specialized, including malware developers, botnet operators,
professional cybercrime groups, groups specializing in the sale of stolen content, and
so forth. A few of the leading cybersecurity companies have the skills, resources and
visibility to follow the activities of these individuals and groups. A wide variety of
information is available from these sources which can be used for defensive purposes,
including technical indicators such as hashes of infected files [5] or malicious
IPs/URLs [5], as well as strategic information profiling the goals, techniques and
campaigns of the profiled groups. Some of it is freely published, but consistent,
ongoing access typically requires subscribing to an adversary intelligence subscription
service. At the level of an individual threat actor, threat intelligence is often referred
to as that actor's "TTP", or "tactics, techniques, and procedures," as the infrastructure,
tools, and other technical indicators are often trivial for attackers to change.
Corporate sectors are considering the crucial role of artificial intelligence in cybersecurity.
Diffusion of cybercrime
The broad diffusion of cybercriminal activities is an issue in computer crimes
detection and prosecution. Hacking has become less complex as hacking
communities have greatly diffused their knowledge through the Internet. Blogs and
communities have hugely contributed to information sharing: beginners could benefit
from older hackers' knowledge and advice. Furthermore, hacking is cheaper than
ever: before the cloud computing era, in order to spam or scam one needed a
dedicated server, skills in server management, network configuration, and
maintenance, knowledge of Internet service provider standards, etc. By comparison,
mail software-as-a-service is a scalable, inexpensive, bulk, and transactional e-mail-
sending service for marketing purposes and could be easily set up for spam. Cloud
computing could be helpful for a cybercriminal as a way to leverage his or her attack,
in terms of brute-forcing a password, improving the reach of a botnet, or facilitating a
spamming campaign [6].
Data protection in computer networks
When considering the problems of data protection in the network, first of all, the
question arises about the classification of failures and access violations that can lead
to the destruction or unwanted modification of data. Among these potential "threats"
are:
1. Hardware failures:
• cable system failures;
• power outages;
• failures of disk systems;
• failures of data archiving systems;
• failures of servers, workstations, network cards, etc.
2. Loss of information due to incorrect software operation:
• loss or change of data in case of software errors;
• losses during system infection with computer viruses.
3. Unauthorized access losses:
• unauthorized copying, destruction or forgery of information;
• access by unauthorized persons to confidential information that
constitutes a secret.
4. Loss of information associated with incorrect storage of archived data.
5. Errors of service personnel and users:
• accidental destruction or alteration of data;
• incorrect use of software and hardware leading to the destruction or
alteration of data.
Depending on the possible types of network disruptions (disruption is also
understood as unauthorized access), numerous types of information protection are
combined into three main classes:
• physical protection means, including means of protecting the cable
system, power supply systems, archiving tools, disk arrays, etc.;
• software protection tools, including anti-virus programs, systems of
differentiation of powers, and software access control;
• administrative security measures, including control of access to
premises, development of a firm's security strategy, contingency plans, etc.
This division is rather arbitrary, since modern technologies are developing in the
direction of a combination of software and hardware protection. Such combined
software and hardware tools have become most widespread, in particular, in the field of access
control, protection against viruses, etc.
Software and hardware-software protection methods
The problem of protecting information from unauthorized access has become
especially acute with the widespread use of local and, especially, global computer
networks. It should also be noted that often the damage is caused not because of
"malicious intent", but because of elementary user errors that accidentally spoil or
delete vital data. In this regard, in addition to access control, a necessary element of
information protection in computer networks is the differentiation of user rights.
At the same time, in such a system of organizing protection, a weak point still
remains: the level of access and the ability to enter the system are determined by a
password. It's no secret that the password can be spied on or guessed. To exclude the
possibility of unauthorized entry into a computer network, a combined approach has
recently been used: a password plus user identification by a personal "key". A plastic
card (magnetic or with a built-in microcircuit - smart-card) or various devices for
identifying a person using biometric information - by the iris of the eye or
fingerprints, the size of the hand, and so on - can be used as a "key".
By equipping the server or network workstations, for example, with a smart card
reader and special software, you can significantly increase the level of protection
against unauthorized access.
Access control smart cards allow you to realize, in particular, such functions as
login control, access to personal computer devices, access to programs, files and
commands. In addition, it is also possible to carry out control functions, in particular,
registration of attempts to violate access to resources, use of prohibited utilities,
programs, DOS commands.
As enterprises expand, the number of personnel grows and new branches appear,
it becomes necessary for remote users (or user groups) to access computing and
information resources.
In particular, in bridges and remote access routers, packet segmentation is used -
their separation and transmission in parallel over two lines - which makes it
impossible to "intercept" data when a "hacker" illegally connects to one of the lines.
In addition, the procedure for compressing the transmitted packets used during data
transmission guarantees the impossibility of decrypting the "intercepted" data.
Special devices have also been developed to control access to computer
networks via dial-up lines. RPSD Key and Lock allow you to set several levels of
protection and access control, in particular:
• encryption of data transmitted over the line using generated digital keys;
• access control depending on the day of the week or time of day.
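The layered checks described above (a password plus a personal "key", access restricted by day of the week and time of day, and registration of denied attempts) can be combined in one login routine. This is an added example, not code from the report or from any RPSD product; the user record, the HMAC challenge-response standing in for the smart card, and all names are assumptions.

```python
import hashlib
import hmac
import os
from datetime import datetime

AUDIT_LOG = []  # registration of attempts to violate access

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample record: password hash, per-card secret (stands in for the
# smart-card "key") and the days/hours during which login is permitted.
USERS = {
    "operator1": {
        "salt": b"constructed-salt",
        "pw_hash": pw_hash("correct horse", b"constructed-salt"),
        "card_key": b"constructed-card-secret",
        "days": {0, 1, 2, 3, 4},   # Monday..Friday
        "hours": range(8, 18),     # 08:00 to 17:59
    }
}

def new_challenge() -> bytes:
    """Fresh random value per attempt, so a recorded response cannot be replayed."""
    return os.urandom(16)

def card_response(card_key: bytes, challenge: bytes) -> bytes:
    """What the card computes: HMAC-SHA256 over the server's challenge."""
    return hmac.new(card_key, challenge, hashlib.sha256).digest()

def login(user: str, password: str, challenge: bytes, response: bytes,
          now: datetime) -> bool:
    """Grant access only if password, card response and time window all pass."""
    rec = USERS.get(user)
    if rec is None:
        reason = "unknown user"
    elif not hmac.compare_digest(rec["pw_hash"], pw_hash(password, rec["salt"])):
        reason = "bad password"
    elif not hmac.compare_digest(card_response(rec["card_key"], challenge), response):
        reason = "bad card response"
    elif now.weekday() not in rec["days"] or now.hour not in rec["hours"]:
        reason = "outside allowed time"
    else:
        return True
    AUDIT_LOG.append((now.isoformat(), user, reason))  # every denial is recorded
    return False
```

A password that has been spied on or guessed fails at the card check, and each denial leaves a record that an administrator can review.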
The widespread use of radio networks in recent years has presented developers
of radio systems with the need to protect information from "hackers" armed with a
variety of scanning devices. A variety of technical solutions were applied. For
example, in the radio network of RAM Mobile Data, information packets are
transmitted through different channels and base stations, which makes it almost
impossible for outsiders to collect all the transmitted information together. Data
encryption technologies using the DES and RSA algorithms are also actively used in
radio networks.

Summary
While the advantages that accompany Internet use and digital technologies are
plentiful, there is an abundance of challenges and concerns facing the new, high-tech
world. Cybercrime is one of the most prevalent and has the ability to impact people
psychologically, financially, and even physically. This chapter reflected on many of
the crimes that cybercriminals engage in today and the reasons why these are often
quite successful, from social engineering and online harassment to hacking and
ransomware attacks. A salient point is that cybercriminals are ready, willing, and
have a strong history in exploiting many human psychological needs and weaknesses.
Such facets include our innate desire to trust and help each other, the human need for
love and affection, the host of biases that affect decision-making on security, and a
perfect knowledge of what people consider most important, the willingness to pay for
the return of something valuable (instances of ransomware).
As the sophistication of cybercriminals has increased, so too must the
approaches to prevent, detect, and deter their behaviors. Cyberpsychology research
has made significant inroads to the analysis of this problem through the study of
criminal behavior and the psychological and social impact on victims. The field of
Cybersecurity features a range of new models, systems, and tools that aim to prevent
and detect attacks against individuals; these utilize a variety of the latest techniques in
machine learning and anomaly detection to boost accuracy and efficiency.
Criminology is also a key area, and there are now several laws across the world
seeking to deter online crimes and prosecute those who perpetrate them. However, if
approaches towards preventing cybercrime are to be truly effective at protecting
individuals, a more concerted, cross-disciplinary program is mandatory. It is only in
this way that the insight from each field can be properly synthesized and combined to
address the issue of online crime.

List of used literature


1. Tzu, S.: The Art of War (L. Giles, Trans.). Pax Librorum (2009).
2. Symantec: 2017 internet security threat report.
https://www.symantec.com/content/dam/symantec/docs/reports/istr-22-2017-en.pdf
(2017).
3. Whitty, M.T., Buchanan, T.: The online dating romance scam: The
psychological impact on victims–both financial and non-financial. Criminology &
Criminal Justice 16(2), 176–194 (2016).
4. Das, A., Bonneau, J., Caesar, M., Borisov, N., Wang, X.: The tangled
web of password reuse.
5. "Insights into Iranian Cyber Espionage: APT33 Targets Aerospace and
Energy Sectors and has Ties to Destructive Malware « Insights into Iranian Cyber
Espionage: APT33 Targets Aerospace and Energy Sectors and has Ties to
Destructive Malware".
6. Richet, Jean-Loup (2012). "How to Become a Black Hat Hacker? An
Exploratory Study of Barriers to Entry Into Cybercrime". 17th AIM Symposium.

19
Glossary of computer terms
1. phishing фішинг
2. scams шахрайство
3. identity-related crimes злочини, пов’язані з особистістю
4. doxing доксинг
5. malware шкідливе програмне забезпечення
6. cryptojacking криптоджекінг
7. denial-of-service crimes злочини за відмову в службі
8. cybercrime кіберзлочинність
9. trickery обман
10.social engineering соціальна інженерія
11.means of conducting a crime засоби ведення злочину
12.cell-phone provider оператор мобільного зв’язку
13.spear-phishing підривний фішинг
14.vishing вішинг
15.smishing фішинг через смс
16.whaling незвичайний
17.pertinent information відповідна інформація
18.cyber security кібербезпека
19.identity theft and identity fraud крадіжка особистої інформації та шахрайство
20.information-gathering techniques техніка збору інформації
21.computing systems обчислювальні системи
22.digital information цифрова інформація
23.malicious software зловмисне програмне забезпечення
24.worms «червяк»
25.trojan horses «троян»
26.spyware шпигунське програмне забезпечення
27.referencing a document посилання на документ
28.self-replicate самовідтворення
29.unauthorized access into system несанкціонований доступ до системи
30.proxy проксі-сервер
31.personal information особиста інформація
32.DNS система доменних імен
33.IoT devices пристрої IoT
34.account and password hacking злом облікового запису та пароля
35.keylogger кейлоггер
36.password guessing вгадування пароля
37.dictionary attacks словникові атаки
38.virtual space віртуальний простір
39.computer tampering комп’ютерне втручання
40.Internet bans Інтернет-заборони
41.cybercriminal activities кіберзлочинна діяльність
42.botnet operators оператори ботнетів
43.professional cybercrime groups професійні групи з кіберзлочинності
44.groups specializing in the sale of stolen content групи, що спеціалізуються на продажу викраденого вмісту
45.malicious IPs/URLs зловмисні IP-адреси / URL-адреси
46.subscription service передплатна послуга
47.computer crimes detection and prosecution розкриття та переслідування комп'ютерних злочинів
48.dedicated server виділений сервер
49.skills in server management навички управління сервером
50.network configuration and maintenance конфігурація та обслуговування мережі
51.knowledge of Internet service provider standards знання стандартів постачальників послуг Інтернету
52.mail software поштове програмне забезпечення
53.brute-forcing a password грубо-примусове введення пароля
54.hardware failures апаратні збої
55.loss of information due to incorrect software operation втрата інформації через неправильну роботу програмного забезпечення
56.unauthorized access losses втрати через несанкціонований доступ
57.loss of information associated with incorrect storage of archived data втрата інформації, пов'язана з неправильним зберіганням заархівованих даних
58.errors of service personnel and users помилки обслуговуючого персоналу та користувачів
59.physical protection means засоби фізичного захисту
60.software protection tools програмні засоби захисту
61.anti-virus programs антивірусні програми
62.administrative security measures адміністративні заходи безпеки
63.means of protecting the cable system засоби захисту кабельної системи
64.power supply systems системи електропостачання
65.archiving tools засоби архівування
66.disk arrays дискові масиви
67.power outages відключення електроенергії
68.failures of disk systems збої дискових систем
69.failures of data archiving systems збої в роботі систем архівування даних
70.failures of servers, workstations збої в роботі серверів, робочих станцій
71.destruction or alteration of data знищення або зміна даних
72.global computer networks глобальні комп’ютерні мережі
73.personal key персональний ключ
74.smart-card смарт-картка
75.workstation робоча станція
76.remote users віддалені користувачі
77.bridges мости
78.remote access routers маршрутизатори віддаленого доступу
79.decrypting розшифровка
80.encryption of data шифрування даних
81.radio networks радіомережі
82.scanning devices скануючі пристрої
83.DES and RSA algorithms encryption Шифрування алгоритмів DES та RSA
84.systems of differentiation of powers системи диференціації живлення
85.cognitive science когнітивна наука
86.unauthorized copying несанкціоноване копіювання
87.cloud computing хмарні обчислення
88.digital keys цифрові ключі
89.online harassment переслідування в Інтернеті
90.cyber-bullying кібербулінг
91.trolling тролінг
92.legitimate person законна особа
93.availability доступність
94.summary taxonomy узагальнена систематика
95.catfishing переслідування
96.consume system resources споживання системні ресурси
97.breached passwords порушені паролі
98.password crackers зломщики паролів
99.cross-border attacks транскордонні атаки
100. detection and prosecution виявлення та притягнення до відповідальності

Annotation
Cybercrime is a significant challenge to society, but it can be particularly
harmful to the individuals who become victims.
At its core, there are arguably three types of cybercrime: crimes in the device,
crimes using the device, and crimes against the device.
The aim of this work is to become acquainted with the problems of cybercrime and
Internet security and to examine in detail the cybercrimes committed
against individuals. We focus on many of the crimes occurring today and
learn more about how criminals carry out these attacks, their motivation, and
the key human factors and psychological aspects that make
cybercriminals successful. The areas covered include social engineering (e.g.,
phishing), online harassment (e.g., cyber-bullying,
trolling), crimes related to personal data (e.g., theft and misuse of
personal data), hacking (e.g., malware
and account hacking), and denial-of-service
(DoS) crimes.
