Cyber crime

The technological revolution has provided new tools to misappropriate funds, damage property, and sell
illicit material. It has created cyber-crime, a new breed of offenses that can be singular or ongoing but
typically involve the theft and/or destruction of information, resources, or funds utilizing computers,
computer networks, and the Internet.

The widespread use of computers and the Internet has ushered in the age of information technology (IT)
and made it an intricate part of daily life in most industrialized societies. IT is responsible for the
globalization phenomenon or the process of creating transnational markets, politics, and legal systems—
in other words, creating a global economy.

This vast network has become a target for illegal activities and enterprise. As a group, these activities are
referred to as cyber-crime—any criminal act that involves communication, computer and Internet
networks.

1. Cyber theft
Use of cyberspace either to distribute illegal goods and services or to defraud people for quick profits, is
called cyber theft.

Example

Illegal copyright infringement, identity theft, Internet securities fraud

Insight

It is ironic that technological breakthroughs since the dawn of the Industrial Revolution—such as
telephones and auto-mobiles—not only brought with them dramatic improvements for society but also
created new opportunities for criminal wrongdoing. The same pattern is now occurring during the IT
revolution. The computer and Internet provide opportunities for socially beneficial endeavors—such as
education, research, commerce, and entertainment—while at the same time serving as a tool to
facilitate illegal activity. The new computer-based technology allows criminals to operate in a more
efficient and effective manner. Cyber thieves now have the luxury of remaining anonymous, living in any
part of the world (such as the three hackers discussed above), conducting their business during the day
or in the evening, working alone or in a group, while at the same time reaching a much wider number of
potential victims than ever before. The technology revolution has opened novel methods for cyber theft
that heretofore were nonexistent. Cyber thieves conspire to use cyberspace to either distribute illegal
goods and services or to defraud people for quick profits.

Types

1. Computer fraud
There are a number of recent trends in computer frauds. Internal attacks are now outgrowing external
attacks at the world’s largest financial institutions. There has also been a growing trend to commit fraud
using devices that rely on IT for their operations. Automatic teller machines (ATMs) are now attracting
the attention of cyber criminals looking for easy profits. One approach is to use a thin, transparent-
plastic overlay on an ATM keypad that captures a user’s identification code as it is entered. Though the
plastic covering looks like some sort of cover to protect the keys, in fact, microchips in the device record
every key-stroke. Another transparent device inside the card slot captures card data. While the client
completes the transaction, a computer attached to the overlay records all the data necessary to clone
the card. Rather than rob an ATM user at gun-point, the cybercriminal relies on stealth and
technological skill to commit the crime.

2. Distributing illicit or illegal material

The Internet has become a prime source for the delivery of illicit or legally prohibited material. Included
within this market are distribution of pornography and obscene material, including kiddie porn and the
distribution of dangerous drugs.

i. Distributing pornographic content

The IT revolution has revitalized the porn industry. The Internet is an ideal venue for selling and
distributing obscene material; the computer is an ideal device for storage and view-ing. It is diffi cult to
estimate the vast number of websites featuring sexual content, including nude photos, videos, live sex
acts, and webcam strip sessions among other forms of “adult enter-tainment.” There are some
indicators that show the extent of the industry:

 Almost 90 percent of porn is created in the United States

 About $3 billion in revenue is generated from U.S. porn sites each year, compared to $9 billion
for all movie box office sales
 260 new porn sites go online daily

ii. Distributing dangerous drugs

In addition to sexual material, the Internet has become a prime purveyor of prescription drugs, some of
which can be quite dangerous when they are used to excess or fall into the hands of minors. While the
sites selling prescription drugs are booming, relatively few require that the patient provide a
prescription from his or her doctor, and of those that do, only about half require that the actual
prescription be provided; many accept a faxed prescription, giving buyers the opportunity for multiple
purchases with single scrip.

3. Denial-of-service attack

The methods used by the “Anonymous” group known as a denial-of-service attack, typically are
designed to harass or extort money from legitimate users of an Internet service by threatening to
prevent the user having access to the service.
  Attempts to flood a computer network, thereby preventing legitimate network traffic
 Attempts to disrupt connections within a computer net-work, thereby preventing access to a
service
 Attempts to prevent a particular individual from accessing a service
 Attempts to disrupt service to a specific system or person

4. Copyright infringement

i. Warez

While the sites selling prescription drugs are booming, relatively few require that the patient provide a
prescription from his or her doctor, and of those that do, only about half require that the actual
prescription be provided; many accept a faxed prescription, giving buyers the opportunity for multiple
pur-chases with a single scrip.

ii. File sharing

Another form of illegal copyright infringement involves fi le-sharing programs that allow Internet users
to download music and other copyrighted material without paying the artists and record producers their
rightful royalties.

5. Internet securities fraud

i. Market manipulation

Stock market manipulation occurs when an individual tries to control the price of stock by interfering
with the natural forces of supply and demand. There are two principal forms of this crime: the “pump
and dump” and the “cyber smear.” In a pump and dump scheme, erroneous and deceptive information
is posted online to get unsuspecting investors interested in a stock while those spreading the
information sell previously purchased stock at an inflated price. The cyber smear is a reverse pump and
dump: negative information is spread online about a stock, driving down its price and enabling people to
buy it at an artificially low price before rebuttals by the company’s officers re-inflate the price.

ii. Fraudulent offerings of securities

Some cyber criminals create websites specifically designed to fraudulently sell securities. To make the
offerings look more attractive than they are, assets may be inflated, expected returns over-stated, and
risks understated. In these schemes, investors are promised abnormally high profits on their
investments. No investment is actually made. Early investors are paid returns with the investment
money received from the later investors. The system usually collapses, and the later investors do not
receive dividends and lose their initial investment.

iii. Illegal touting

This crime occurs when individuals make securities recommendations and fail to disclose that they are
being paid to disseminate their favorable opinions. If those who tout stocks fail to disclose their
relationship with the company, information misleads investors into believing that the speaker is
objective and credible rather than bought and paid for.

6. Identity theft

Identity theft occurs when a person uses the Internet to steal someone’s identity and/or impersonate
the victim to open a new credit card account or conduct some other financial transaction. It is a type of
cybercrime that has grown at surprising rates over the past few years.

i. Phishing

Some identity thieves create false e-mails or websites that look legitimate but are designed to gain
illegal access to a victim’s personal information; this is known as phishing (also known as carding and
spoofing).

ii. Vishing

Voice over Internet Protocol (VoIP) is a technology that allows people to make voice calls using a
broadband Internet connection instead of a regular (or analog) phone line.

In one version, the victim receives an e-mail that gives them a number to call. Those who call this
“customer service” number are led through a series of voice-prompted menus that ask for account
numbers, passwords, and other critical information. In another version, the victim is contacted over the
phone instead of by e-mail. The call is either a live person or a recorded message directing the victim to
take action to protect a personal account. The visher may have col-lected some personal information,
including account or credit card numbers, which can create a false sense of security for the victim.

7. E-tailing fraud

Etailing fraud can involve both illegally buying and selling merchandise on the net. Not only do etail
frauds involve selling merchandise, they can also involve buyer fraud. One scam involves purchasing top
of the line electronic equipment over the net and then purchasing a second, similar looking but cheaper
model of the same brand. The cheaper item is then returned to the etailer after switching bar codes and
boxes with the more expensive unit. Because etail return processing centers don’t always check
returned goods closely they may send a refund for the value of the higher priced model.

2. Cyber vandalism
Definition

Use of cyberspace for revenge, destruction, and to achieve a malicious intent is called cyber vandalism.

Example

Website defacement, worms, viruses, cyber stalking, cyber bullying

Insight
Some cyber criminals may not be motivated by greed or profit but by the desire for revenge and
destruction, and to achieve a malicious intent. Cyber vandalism ranges from sending destructive viruses
and worms to attacks stalking or bullying people using cyberspace as a medium. Cyber vandals may want
to damage or deface websites or even, pull a virtual fi re alarm.

Types

1. Viruses, worms, trojan horses, logic bombs and spams

The most typical use of cyberspace for destructive intent comes in the sending or implanting of
disruptive programs, called viruses, worms, trojan horses, logic bombs, and spam.

i. Viruses and worms

A computer virus is one type of malicious software program (also called malware) that disrupts or
destroys existing programs and networks, causing them to per-form the task for which the virus was
designed. The virus is then spread from one computer to another when a user sends out an infected fi le
through e-mail, a network, or a disk. Computer worms are similar to viruses but use computer net-works
or the Internet to self-replicate and send themselves to other users, generally via e-mail, without the aid
of the operator.

ii. Trojan Horses

Some hackers introduce a Trojan horse pro-gram into a computer system. The Trojan horse looks like a
benign application but contains illicit codes that can damage the system operations. Though Trojan
horses do not replicate themselves like viruses, they can be just as destructive.

iii. Logic Bombs

A fourth type of destructive attack which can be launched on a computer system is the logic bomb, a
program that is secretly attached to a computer system, monitors the network’s work output, and waits
for a particular signal such as a date to appear. Also called a slag code, it is a type of delayed-action virus
that may be set off when a program user makes certain input that sets it in motion. A logic bomb may
cause a variety of problems ranging from displaying or printing a spurious message to deleting or
corrupting data.

iv. Spam

An unsolicited advertisement or promotional material, spam typically comes in the form of an unwanted
e-mail message. A dangerous and malicious form of spam contains a Trojan horse disguised as an e-mail
attachment advertising some commodity such as free software or an electronic game.

2. Cyber stalking

Cyber stalking refers to the use of the Internet, e-mail, or other electronic communication devices to
stalk another person. Traditional stalking involves repeated harassing or threatening behavior, such as
following a person, making harassing phone calls, leaving written messages or objects, or vandalizing a
per-son’s property. Pedophiles can use the Internet to establish a relationship with the child, and later
make contact for the purpose of engaging in criminal sexual activities.

3. Cyber bullying

Cyber bullying is defined as willful and repeated harm inflicted through the medium of electronic text.
Like their real-world counterparts, cyber bullies are malicious aggressors who seek implicit or explicit
pleasure or profit through the mistreatment of other individuals. Cyber bullies are able to navigate the
net and utilize technology in a way that puts them in a position of power relative to their victim.

4. Cyber spying

Cyber spying is the act of illegally using the Internet to gather information that is considered private and
confidential. Cyber spies have a variety of motivations. Some are people involved in marital disputes
who may want to seize the e-mails of their estranged spouse. Business rivals might hire disgruntled
former employees, consultants, or outside con-tractors to steal information from their competitors.
These commercial cyber spies target upcoming bids, customer lists, product designs, software source
code, voice mail messages, and confidential e-mail messages. Some of the commercial spying is
conducted by foreign competitors who seek to appropriate trade secrets in order to gain a business
advantage.

5. Website defacement

Website defacement is a type of cyber vandalism that occurs when a computer hacker intrudes on
another person’s website by inserting or substituting codes that expose visitors to the site to misleading
or provocative information. Defacement can range from installing humorous graphics to sabotaging or
corrupting the site.

3. Cyber warfare
Definition

An effort by enemy forces to disrupt the intersection where the virtual electronic reality of computers
meets the physical world is called as cyber warfare.

Example

Logic bombs used to disrupt or destroy “secure” systems or networks, Internet used to communicate
covertly with agents around the world.

i. Hackers based in China, in June 2020, attempted over 40,000 cyber-attacks on India's
Information Technology infrastructure and banking sector in the just five days, during the
tussel on laddakh border.
 ii. Pakistan military, in August 2020, detected a major cyber-attack by Indian intelligence
agencies, targeting the mobile phones and gadgets of government officials and military
personnel.

Insight

Some cyber criminals are politically motivated. They may be employed by intelligence agencies to
penetrate computer networks at an enemy nation’s most sensitive military bases, defense contractors,
and aerospace companies in order to steal important data. It is believed that the agents have
compromised networks ranging from the Redstone Arsenal military base to NASA to the World Bank.
Hundreds of Defense Department computer systems have been penetrated and similar attacks have
been launched against classified systems in Britain, Canada, Australia, and New Zealand. In 2008, the
Pentagon issued a report on China’s cyber warfare capabilities, acknowledging that hackers in China had
penetrated the Pentagon’s computer system and that that intrusions, apparently from China, into
computer networks used “many of the skills and capabilities that would also be required for computer
network attack.”

1. Cyber war and terrorism

Cyber terrorism has been defined as “the premeditated, politically motivated attack against information,
computer systems, computer programs, and data which results in violence against noncombatant
targets by subnational groups or clandestine agents. Terrorist organizations are beginning to understand
the destructive power that cyber war can inflict on their enemies even though, ironically, they may
come from a region where computer databases and the Internet are not widely used.

2. Warfare and terrorism in cyberspace

Cyberspace is a handy battlefield for the terrorist because an attack can strike directly at a target that
bombs won’t affect: the economy. Because technological change plays a significant role in the
development of critical infrastructures, they are particularly vulnerable to attack.

Terror groups may find that waging cyber war has many advantages. There are no borders of legal
control, making it difficult for prosecutors to apply laws to some crimes. Terrorist groups can operate
from countries where cyber laws barely exist, making them almost untouchable. Cyber terrorists can
also use the Internet and hacking tools to gather information on targets. There is no loss of life and no
need to infiltrate “enemy” territory. Terrorists can wage cyber war from anyplace in the world, and the
costs are minimal. Nor do terror organizations lack for skilled labor to mount cyber-attacks. There are a
growing number of highly skilled computer experts available at reasonable costs in developing
countries.

3. Cyber war attacks

Computers can be used by terrorist groups to remain connected and communicate covertly with agents
around the world. Networks are a cost-effective tool for planning and striking.
Cyber-attacks may be directed at the enemy’s financial system. In ever-increasing numbers people are
spending and investing their money electronically, using online banking, credit card payment, and online
brokerage services. A cyber-attack can disrupt these transactions and interfere with the nation’s
economic well-being.

Terrorists can use the Internet to recruit new members and disseminate information. For example,
Islamic militant organizations use the Internet to broadcast anti-Western slogans and information.

4. Funding terrorist activities

Terrorist groups have used the Internet to conduct white-collar crimes in order to raise funds to buy
arms and carry out operations. One method of funding is through fraudulent charitable organizations
claiming to support a particular cause such as disaster relief or food services.

Cyber-crimes in Pakistan
At the national or local level, social media platforms are used for the purpose of harassment, stealing
information of others, and using electronic ways to violate human rights to privacy and independence.
Even, hackers used their skills and software to hack websites of the government, organizations, or
individuals for the purpose of extracting information and blackmailing. These are the new challenges
that are being faced by human beings in the ongoing era.

Social media channels are used to engage people in terrorist activities by building an appealing narrative
by appealing posts and content. People are targeted and contacted to join militant or terrorist groups
that disrupt the law and order situation in the country.

The Inter-Services Public Relations (ISPR) told in August 2020 that Pakistan's intelligence agencies had
identified a major cyber-attack by Indian intelligence agencies, targeting the mobile phones and gadgets
of government officials and military personnel.

PECA 2015

Prevention of Electronic Crimes Bill (PECB) 2015 was passed by the National Assembly in 2016 for
ensuring the applicability of strict laws to counter the erupting digital challenges for human rights. There
were severe concerns and apprehensions of the political opposition, the IT industry, civil rights
organizations, and civil society. They all termed the bill as controversial and draconian and claimed that
the bill would curb human rights, and overreach powers of agencies.

Outcomes after Prevention of Electronic Crimes Act 2015 (enacted in 2016)

Political activists and journalists were issued summonses to appear before the counter-terrorism wing of
the FIA for an investigation into “anti-state” activity. They were asked to appear with their electronic
devices. In some cases, these were seized and searched – without first obtaining a warrant, as required
under law. A list of 200 Facebook pages and Twitter accounts was put together by the FIA’s counter-
terrorism wing, comprising those allegedly engaged in propaganda against the armed forces and state
institutions. A case under Section 20 of PECA was lodged against a political activist in Lahore accused of
such propaganda.

Issues

However, there is a problem with the fair implementation of the laws or rules. Cybercrimes are
increasing day by day, which threatens the privacy of individuals and organizations, and human rights.
Primary rights such as freedom of speech should not be infringed at all under the aegis of such laws, but
issues which are being caused by cybercrimes must be tackled such as harassment, stealing individual
information and many more.

Policy Recommendations

1. International treaties

Because cyber-crime is essentially global, international cooperation is required for its control.

2. Creating public awareness

This issue should be sensitized. The government should establish public awareness programs regarding
anti cyber-crimes activities.

3. IT courses on cyber security

The people need to be trained on the knowledge of internet and computer crimes. The trained users
should be able to detect, prevent, incidences.

4. Filtration of data

Some countries like China and Saudi Arabia has implemented internet filtering for the clients at the ISPs
and government level. The government should prevent illegal access to block website. The websites
promoting or having keywords like terrorism, bomb making recipes and pornography should be blocked.

5. Training of police officials

The officials of police department should also be trained on investigation process and unified record
keeping.

6. Enforcement of cyber-crime laws

Pakistan is among those countries that have passed cyber laws for protecting and promoting of the
electronic transaction. The people committing cybercrimes should be dealt with iron hands and the laws
should be amended accordingly. This will not only prevent the fast rate of cybercrime but will also
motivate the victims to report more about the cybercrimes.

7. Research funding in certain areas

Some other recommendations are to extend the development of specialist police and forensic
computing resources. Support the international Computer Emergency Response Team (CERT)
community, including through funding, as the most likely means by which a large-scale Internet problem
can be averted or mitigated. Fund research into such areas as: Strengthened Internet protocols, Risk
Analysis, Contingency Planning and Disaster Propagation Analysis, Human Factors in the use of
computer systems, Security Economics.

Recent developments

Decline in cyber-crimes during 2020 despite increased internet usage owing to covid19

The Federal Investigation Agency (FIA) has reported a sharp decline in the cybercrime rate in Pakistan. A
report by the Cyber Crime Wing (CCW), a wing of the FIA that deals with crimes committed online,
stated that due to the effective measures put in place, there has been a significant reduction in the
number of online financial crimes during the covid-19 lockdowns. An analysis of the complaints
regarding online financial crimes registered with CCW approximately reported a 50% reduction in
crimes.

Recent guidelines to prevent crime

On the advice of the prime minister, the FIA had taken strict measures to prevent cybercrimes during
lockdowns and protect the public from online frauds as more people used the internet for various
purposes. Taking note of the public’s increased exposure, the FIA also made efforts to distribute useful
information about cybercrimes under the supervision of DG FIA Wajid Zia and ADG Ehsan Sadiq. The
agency shared awareness messages on different platforms and issued guidelines using social media and
broadcast media. These guidelines warn social media users, parents, children, and the general public
against possible online scams during lockdowns, how the cybercriminals operate and precautionary
measures to prevent such crimes.