Module 1 Cybercrime Estrada-1-1

DATA CENTER COLLEGE OF THE PHILIPPINES
COLLEGE OF CRIMINAL JUSTICE EDUCATION LAOAG CITY
INTRODUCTION
Computer crime refers to a criminal activity involving a computer. The computer may be
used in the commission of a crime or it may be the target. Net-crime refers to the criminal use
of the internet. Cyber-crimes are essentially a combination of these two elements and can be
best defined as “Offenses that are committed against individuals or groups of individuals with
criminal motive to intentionally harm the reputation of the victim or cause physical or mental
harm to the victim directly or indirectly using modern telecommunication networks such as
internet (chatrooms, emails, notice boards and groups) and mobile phones (SMS, MMS).
In its most simple form, cyber-crime can be defined any illegal activity that uses a computer as
its primary means of function. The U.S Department of Justice broadens this definition to include
any illegal activity that uses a computer for the storage of evidence. The term ‘cyber-crime’ can
refer to offenses including criminal activity against data, infringement of content and copyright,
fraud, unauthorized access, child pornography and cyber-stalking.
The United Nations Manual on the Prevention and Control of Computer Related Crime
includes fraud, forgery, and unauthorized access in its definition of cyber-crime. Cyber-crime in
effect covers a wide range of attacks on individuals and organizations alike. These crimes may
include anything from an individual’s emotional or financial state to a nation’s security.
There are two main categories that define the make-up of cyber-crimes:
1. Those that target computer networks or devices such as viruses, malware, or denial
of service attacks.
2. Those that relate to crimes that are facilitated by computer networks or devices like
cyber-stalking, fraud, identity theft, extortion, phishing(spam) and theft of classified
information.
Cyber-crimes have expanded to include activities that cross international borders and
can now be considered a global epidemic. The International Legal System ensures cyber
criminals are held accountable through the International Criminal Court. Law enforcement
agencies are faced with unique challenges and the anonymity of the internet only complicates
the issues. There are problems in gathering evidence, cross-jurisdictional issues and
miscommunication to reporting.
It is widely known that victims of internet crimes are often reluctant to report an offense
to authorities. In some cases, the individual or organization may not be aware a crime has been
committed. Even though facilities for reporting incidents of cyber-crime have improved in recent
years many victims remain reluctant due essentially to embarrassment.
International cooperation is essential if an effective response is to be found against
global cyber-crime. No nation can expect to effectively combat the issue alone. Many computer-
INTRO TO CELP/MPE | 1
based crimes are initiated ‘off-shore’ and this presents enormous challenges to any nations law
enforcement agencies. It is critical that agencies from around the world formulate actionable
plans to detect, follow, arrest and prosecute cyber criminals.
The problem of cyber-crime seems almost immeasurable in size. Looking at recent
trends and advances in mobile technology and cloud computing we realize it is an ever-
evolving and rapidly changing dynamic. There is growing evidence globally of newly formed
partnerships between government and industry aimed at prevention. These partnerships create
opportunities to share information and bolster law enforcement response to organize Internet-
based crime.
This sharing of information creates concern in its self. It is an extremely complex and
sensitive issue. A balance must be found in efficiently maximizing distribution of information
and protecting it from organized cyber-criminal element.
Cyber-crime covers such a broad scope of criminal enterprise. The examples mentioned
above are only a few of the thousands of variant of illegal activities commonly classed as
cybercrimes. Computers and the internet have improved our lives in many ways. Unfortunately,
criminals now make use of these technologies to the detriment of society.
In our daily life, economic activities, and national security highly depend on stability,
safely and resilient cyberspace. A network brings communications and transports, power to our
homes, run our economy, and provide government with various services.
However, it is through the same cyber networks which intrude and attack our privacy,
economy, social life in a way which is harmful. Some scholars have interestingly argued that,
“in the internet nobody knows you are a dog”.
Environmental Law: The Perspective
With its provisions for general and particular care of the environment, environmental law will
continue to stress the absolute need for a regulatory frame work within which its existential,
social and aesthetic functions can be fulfilled. The five development trends of environmental
law that have been identified since the 1980s are grouped together in three focuses of
development:
• Integrated environmental strategies for the internal and external integration of
environmental care by means of further ecological development and harmonization of
environmental law,
• Indirect environmental strategies for the indirect guidance of environmental care conduct
by means of corresponding economic and other incentives and instruments and
• International environmental strategies to link national, supranational and international
environmental law by means of the promotion or adoption of supranational and
international developments.
In order to be able to master these development focuses appropriately environmental
law needs fundamental reform that builds upon the solid basis of the intervening measures of
direct conduct guidance and the planning measures that have been somewhat underestimated
in recent decades. At a national level the Environmental Code offers an appropriate legislative
type of action fort this reform of environmental reform and, at the same time, forms the
constitution of environmental order. This environmental order is designed not only to realize the
State’s constitutional objective of care of the environment. Linked to an economic order which
guarantees the autonomy of the individual and competition, and a strongly structured social
order, an environment order also helps the social market economy to gear itself to the needs of
the environment in such way that in can do ecological, economic and social justice to the model
of sustainable development.
It is high time and necessary to protect the environment and save whole mankind. It is
important to protect the environment because man-made disruptions to ecosystems can cause
extinction, because pollution creates dangers for both animals and people, and because
mankind owes the natural world a moral obligation.
Environmental protection is an important concept of sustainable development. As the
main player of sustainable development, enterprises should pursue the ecological, economic
and social sustainable development and take social responsibilities for the harmonious
development of the society and environment. Under the consideration of environmental
protection and sustainable development, enterprises should behave environmental friendly to
obtain the legitimacy from constituencies. Based on the theme of environmental protection, this
book introduces and discusses the literatures related to sustainable development and
legitimacy of enterprises.
Climate change. It’s worse than we imagined it would be. The effects of climate can
have a disastrous impact on our planet Earth. High temperatures, loss of wildlife species,
increase in sea level, changes in rainfall patterns, heat waves, stronger storms, wildfires and
shrinking of arctic ice are few of the dangerous effects of climate change.
Are we still going to ignore this problem as if it isn’t real? I implore you not to. Here are
five little things you can do to help save our planet as students.
COURSE OBJECTIVES
The major objectives in the study of Cyber-Crimes and Environmental Laws and Protection
in relation to the new curriculum for the Bachelor of Science in Criminology as stipulated in
CHED Memo #05 are enumerated:
✓ To become familiar with various definitions and typologies of cybercrime and
environmental laws and protection
✓ To understand the contribution of hackers, victims and IT managers to cybercrime
✓ To apply criminological theories in the study of cybercrime and environmental laws
✓ To become familiar with technical tools allowing the collection of data in cyber space
✓ To explain the role of both private sector and law enforcement agencies in investigating,
prosecuting and preventing cybercrime
✓ To apply environmental aspects in analytical, conceptual and implementation stage of
dealing with specific problem
✓ Conceptual solutions of regional development issues
✓ To apply the research process on cybercrime, environmental laws and protection
Cybercrime research has grown in visibility and importance during the last two decades.
Nevertheless, despite the growing public interest in cybercrime and its consequences for
businesses and individuals, only limited attention has been given in the criminological discipline
to investigation and understanding of this new type of crime.
The purpose of this subject is to introduce students with the technical, social and legal
aspects of cybercrime as well as expose students to theories and tools that enable scientific
exploration of this phenomenon. In the first weeks of the semester we will learn about the
computer and the internet, and discuss several definitions typologies of cybercrime, then
discuss the hacker, the victim and the IT manager. We will conclude this section by reviewing
important steps taken by scholars while conducting scientific research. We will review various
theories of crime causation, amd asses the relevance of these theories in the context of cyber
space. We will then describe several technical tools and allow the collection of data in the
internet. We will conclude with a discussion on the legal issues affected and crated by online
crime.
Likewise, on the second part of this book which id the study of Environmental Laws and
Protection. It will provide students with an understanding of the major environmental statutes
and the common and constitutional law that are relevant to the environmental protection in the
Philippines. Law will be examined from the point of view of its effectiveness in developing
healthy and sustainable human societies that also honor the inherent value of nature and of
people as part of nature.
Students will examine how we can use law to develop a cleaner, safer and more stable
economy, to protect our health, and the natural resources our descendants will need.
The five development trends of environmental law that have been identifies since the 1980s
are now grouped together in three focuses in development:
1. Integrated environmental strategies for the internal and external integration of
environmental care by means of further ecological development and harmonization of
environmental law,
2. Indirect environmental strategies for the indirect guidance of environmental care
conduct by means of corresponding economic and other incentives and instruments and
3. International environmental strategies to link national, multinational and international

environmental law by means of the promotion or adoption of multinational and
international developments.
In order to be able to master these development focuses appropriately environmental law
needs a fundamental reform that builds upon the solid basis of the intervening measures of
direct conduct guidance and the planning measures that have been somewhat underestimated
in the recent decades. At a national level the Environmental Code offers and appropriate
legislative type of action and changes at the same time. It forms the constitution of
environmental order.
This environmental order is designed not only to realize the State’s constitutional objective
of care of the environment. Linked to an economic order which guarantees the autonomy of the
individual and competition, and a strongly structured social order, an environment order also
helps the social market economy to gear itself to the needs of the environment in such a way
that it can do ecological, economic and social justice to the model of sustainable development.
“AS THE WORLD IS INCREASINGLY INTERCONNECTED, EVERYONE SHARES THE

RESPONSIBILITY OF SECUTRING CYBERSPACE” – Neuton Lee
“I DON’T WANT TO PROTECT THE ENVIRONMENT, I WANT TO CREATE A WORLD
WHERE THE ENVIRONMENT DOESN’T NEED PROTECTING” – anonymous REFERENCE:
PCol Florendo, A.M. & PSSgt Florendo, R.M., (2020). Introduction to Cyber Crime and
Environmental Laws and Protection. Wiseman’s Books Trading, Inc.
Disclaimer: All contents of the book are used in this module for academic purposes only.
CHAPTER I The Computer and the Internet
“Ever since men began to modify their lives by using technology they have found themselves
in a series of technological traps”
-Roger Revelle
Famed mathematician Charles Babbage designed a Victorian-era computer called the Analytical
Engine. This is a portion of the mill with a printing mechanism.
The computer was born not for entertainment or email but out of a need to solve a serious
number-crunching crisis. By 1880, the U.S. population had grown so large than it took more
than seven years to tabulate the U.S. Census results. The government sought a faster way to
get the job done, giving rise to punch-card based computers that took up entire rooms.
Today, we carry more computing power on our smartphones than was available in these early
models. The following brief history of computing is a timeline of how computers evolved from
their humble beginnings to the machines of today that surf the internet play games and stream
multimedia in addition to crunching numbers.
History of Computer
The computer as we know it today has its beginning with a 19 th century. English mathematics
professor named Charles Babbage. He designed the Analytical Engine and it was this design
that the basic framework of the computers of today are based on.
Generally speaking, computers can be classified into three generations. Each generation
lasted for a certain period of time, and each gave us either a new and improved computer or
an improvement to the existing computer.
First generation: 1937 – 1946 -In 1937 the first electronic digital computer was built by Dr.
John V. Atanasoff and Clifford Berry. It was called the Atanasoff-Berry computer (ABC). In 1943
an electronic computer name the Colossus was built for the military. Other developments
continued until 1946 the first general- purpose digital computer, the Electronic Numerical
Integrator and Computer (ENIAC) was built. It is said that this computer weighed 30 tons, and
had 18,000 vacuum tube which was used for processing. When this computer was turned on
for the first time, lights dim in sections of Philadelphia. Computers of this generation could only
perform single task, and they had no operating system.
Second generation: 1947 – 1962 -This generation of computers used transistors instead of
vacuum tubes which were more reliable. In 1951 the first computer for commercial use was
introduced to the public; the Universal Automatic Computer (UNIVAC 1). In 1953 the
International Business Machine (IBM) 650 and 700 series computers made their mark in the
computer world. During this generation of computers over 100 computer programming
languages was developed, computers had memory and operating system. Storage media such
as tape and disk were in use also were printers for output.
Third generation: 1963 – present -The invention of integrated circuit brought us the third
generation of computers. With this invention computers became smaller, more powerful more
reliable and they are able to run many different programs at the same time. In 1980 Microsoft
Disk Operating System (MS-Dos) was born and in 1981 IBM introduced the Personal
Computer (PC) for home and office use. Three years later, Apple gave us the Macintoch
computer with its icon driven interface and the 90s gave us Windows operating system.
As a result of the various improvements to the development of the computer we have seen the
computer being used in all areas of life. It is very useful tool that will continue to experience
new development as time passes by.
What does computer mean?

A computer is a machine or a device that performs processes, calculations and operations
based on instructions provided by a software or hardware program. It is designed to execute
applications and provides a variety of solutions by combining integrated hardware and software
components.
A computer is made up of multiple parts and components that facilitate user functionality. A
computer has two primary categories:
1. Hardware: Physical structure that houses a computer’s processor, memory, storage,
communication ports and peripheral devices
2. Software: Includes operating system (OS) and software applications.
A computer works with software programs that are sent to its underlying hardware architecture
for reading, interpretation and execution. Computers are classified according to computing
power, capacity, size, mobility and other factors, as personal computers (PC), desktop
computers, laptop computers, minicomputers, handheld computers and devices, mainframes or
supercomputers.
Computer Fundamentals
A computer is an electronic machine that accepts data, stores and processes data into
information. The computer is able to work because there are instructions in its memory
directing it. The parts of the computer that you can see and touch, such as the keyboard,
monitor and the mouse are called hardware. The instructions that direct the computer are
called software or computer program.
Data which is raw facts that the user enters into the computer is called input. These includes;
words, numbers, sound and pictures. When the data is entered into the computer, the
computer processes the data to produce information which is output. For example, you enter
2+2 into the computer as data, the computer processes it and the result is 4 which is
information.
Computers are usually categories into three general categories:

1. Supercomputer
2. Mainframe Computer
3. Personal Computer
There are two main types of personal computer. Macintosh (Macs) and the PC compatibles
(PC). The main difference between the two is the operating system and the processors they
use. This category of computer has two additional types of computers. These are mobile
computer and handheld computer. The most popular type of mobile computer is the notebook
or laptop computer, and the handheld computer is a very small PC that you can hold in your
hand.
It is important to note that, any computer; regardless of its size has an input device, output
device and a system unit.
Computer Hardware
You learned earlier that a computer has electronic and mechanical parts known as hardware.
Hardware also includes input devices, output devices, system unit, storage devices and
communication devices. Without these components we would not be able to use the computer.
Input Devices – An input device is any hardware component that allows you, the user to enter
data into the computer. There are many input devices.
Six of the most widely used input devices are:

1. Keyboard
2. Mouse
3. Scanner
4. Microphone
5. Digital camera
6. PC Video Camera
Output Devices – an output device is any hardware component that gives information to the
user.
Three commonly used output devices as are follows:
1. Monitor
2. Printer
3. Speaker
Computer Software
The computer will not work without the software. Software also called programs. These are the
instructions that tell the computer what to do and hoe to do it. The two main categories of
software are system software and application software. The system software also called the
operating system (OS) actually runs the computer. This software controls all the operations of
the computer and its devices. All computers use system software and without the system
software the application software will not work. The most common OC on a PC is the Windows
operating system and for the Mac computer it would be the Mac operating system.
Application software is a program that allows users to a specific task on the computer. There
are a number of different types of application software available to do many of the tasks we do
daily.
Four examples of common application software and what they are used for are:
1. Word Processing Application
2. Spreadsheet Application
3. E-Mail Application
4. Internet Application
Storage Media
Storage keeps data, information and instructions for use in the future. All computers use
storage to keep the software that makes the hardware work.
As a user you store a variety of data and information on your computer or on storage media.
Storage media are the physical materials on which data, information and instructions are kept.
When a user saves information or data to a storage medium he or she is storing a file, and this
process is called writing. When the file is opened the process is called reading.
Common storage media are:

1. Hard Drive
2. Floppy Disk
3. CD & DVD
4. USB Flash Drive
Computer Care
Taking care of your computer is just as important as taking care of your books. Both the
internal and external parts of the computer have to be cared for. Scanning, defragging and
reformatting are some of the activities performed to clean up the hard drive. These activities
are best left to a grown up and such you should not attempt them.
However, there are certain tasks you can perform to ensure your computer is clean; here are a
few:
1. Keep Dust Away
2. Keep Food Away
3. Use Clean Hands
4. Treat With Respect
5. Keep Off
6. Stop Virus Attack
7. Handle With Care
History of Internet
❖ The Internet Timeline begins in 1962, before the word internet was invented. The world’s
10,000 computers are primitive, although they cost hundreds of thousands of dollars. They
have only a few thousand words of magnetic core memory, and programming them is far
from easy.
❖ Domestically, data communication over the phone lines is an AT and T monopoly. The
‘picturephone’ of 1939, show again at the New York World’s Fair in 1964, is still AT&T’s
answer to the future of worldwide communications.
❖ But the four-year old Advanced Research Projects Agency (ARPA) of the U.S. Department
of Defense, a future-oriented funder of ‘high-risk, high-gain’ research, lays the groundwork
for what becomes the ARPANET and, much later, the internet.
❖ ARPANET adopted TCP/IP on January 1, 1983, and from there researchers began to
assemble the “network or networks” that became the modern internet. The online world then
took on a more recognizable from in 1990, when computer scientist Tim Berners-Lee
invented the World Wide Web.
❖ Vint Cerf. Widely known as a “Father of the Internet”, Cerf is the co-designer of the TCP/IP
protocols and the architecture of the internet. In December 1997, President Bill Clinton
presented the U.S. National Medal of Technology to Cerf and his colleague, Robert E.
Khan, for founding and developing the internet.
❖ Michael Bauer, the original owner of internet.org before Facebook founder and CEO Mark
Zuckerburg, discovered what became of his treasured domain just like anyone else: while
watching Chris Cuomo on CNN.
Meaning of Internet
The Internet, sometimes called simply “the Net”, is a worldwide system of computer networks –
a network of networks in which users at any one computer can, if they have permission, get
information from other computer (and sometimes talk directly to users at other computers).
It is also a means of connecting a computer to any other computer anywhere in the world via
dedicated routers and servers. When two computers are connected over the Internet, they can
send and receive all kinds of information such as text, graphics, voice, video, and computer
programs.
Basically, the way the internet works is by connecting billions of computers together in things
called networks. Networks (“Net” for short) are clusters of computers linked together so that
they can send data to each other. That is the ISP’s network you are on. The Internet grew out
of the Advanced Research Projects Agency’s Wide Area Network (then called ARPANET)
established by the US Department of Defense in 1960s for collaboration in military research
among business and government laboratories.
Later, universities and other US institutions connected to it. This resulted in ARPANET growing
beyond everyone expectations and acquiring the name ’internet’. The development of
hypertextbased technology (called world wide web, WWW, or just the Web) provided means of
displaying text, graphics, and animations, and easy search and navigation tools that triggered
Internet’s explosive worldwide growth.
Different Types of Internet Connections

1. Dial-Up (Analog 56K) – dial-up access is cheap but slow. A modern (internal or external)
connects to the internet after the computer dials a phone number. This analog signal is
converted to digital via the modern and sent over a land-line serviced by a public
telephone network. Telephone lines are variable in quality and the connection can be
poor at times. The lines regularly experience interference and this affects the speed,
anywhere from 28K to 56K. Since a computer or other device shares the same line as
the telephone, they can’t be active at the same time.
2. DSL. DSL stands for Digital Subscriber Line. It is an internet connection that is always
“on”. This uses 2 lines so your phone is not tied up when your computer is connected.
There is also no need to dial a phone number to connect. DSL uses a router to transport
data and the range of connection speed, depending on the service offered, is between
128K to 8 Mbps.
3. Cable. Cable provides an internet connection through a cable modem and operates over
cable TV lines. There are different speeds depending on if you are uploading data
transmissions or downloading. Since the coax cable provides a much greater bandwidth
over dial-up or DSL telephone lines, you can get faster access. Cable speeds range
from 512K to 20 Mbps.
4. Wireless. Wireless or Wi-Fi as name suggests, does not use telephone lines or cables to
connect to the internet. Instead, it uses radio frequency. Wireless is also an always on
connection and it can be accessed from just about anywhere wireless networks are
growing in coverage areas by the minute so when I mean access from just about
anywhere, I really mean it. Speeds will vary, and the range is between 5 Mbps to 20
Mbps.
5. Satellite. Satellite access the internet via a satellite in Earth’s orbit. The enormous
distance that a signal travels from earth to satellite and back again, provides a delayed
connection compared to cable and DSL. Satellite connection speeds are around 512K to
2.0 Mbps.
6. Cellular. Cellular technology provides wireless internet access through cellphones. The
speeds vary depending on the provider. But the most common are the 3G and 4G
speeds. A 3G is a term that describes a 3 rd generation cellular network obtaining mobile
speed of around 2.0 Mbps. 4G is the 4 th generation of cellular wireless standards. The
goal of 4G is to achieve peak mobile speeds of 100 Mbps but the reality is about 21
Mbps currently.
The internet is one of the fastest-growing areas of technical infrastructure development. Today,
information and communication technologies (ICTs) are omnipresent and the trends towards
digitization is growing. The demand of internet and computer connectivity has led to the
integration of computer technology into products that have usually functioned without it, such as
cars and buildings. Electricity supply, transportation infrastructure, military services and
logistics – virtually all modern services depend on the use of ICTs.
Although the development of new technologies is focuses mainly on meeting consumer

demands in western countries, developing countries can also benefit from new technologies
such as WiMAX and computer systems that are now available for less than USD 2006, many
more people in developing countries should have easier access to the internet and related
products and services.
The influence of ICTs on society goes far beyond establishing basic information infrastructure.
The availability of ICTs is a foundation for development in the creation, availability and use of
network-based services. E-mails have displaced traditional letters online web representation is
nowadays more important for businesses than printed publicity materials; and internet-based
communication and phone services are growing faster than landline communications.
The availability of ICTs and new network-based services offer a number of advantages for
society in general, especially for developing countries. ICT applications, such as e-government,
e-commerce, e-education, e-health, and e-environment and are seen as enablers for
development, as they provide an efficient channel to deliver a wide range of basic services in
remote and rural areas.
ICT applications can facilitate that achievement of millennium development targets, reducing
poverty and improving health and environmental conditions in developing countries. Given the
right approach, context and implementation process, investments in ICT applications and tools
can result in productivity and quality improvements. In turn, ICT applications may release
technical and human capacity and enable greater access to basic services. In this regard,
online identity theft and capturing the act of capturing another person’s credentials and/or
personal information via the internet with the intent to fraudulently reuse it for criminal purposes
is now one of the main threats to further deployment of e-government and e-business services.
The costs of internet services are often also much lower than comparable services outside the
network. E-mail services are often available free of charge or cost very little compared to
traditional postal service. The online encyclopedia Wikipedia can be used free of charge, as
can hundreds of online hosting services. Lower costs are important, as they enable services to
be used by many more users, including people with only limited income. Given the limited
financial resources of many people in developing countries, the internet enables them to use
services they may not otherwise have access to outside the network.
Advantages Risks of Information and Communication Technologies (ICTs)
The introduction of ICTs into many aspects of everyday life has led to the development of the
modern concept of the information society. This development of the information society offers
great opportunities. Unhindered access to information can support democracy, as the flow of
information taken out of the control of state authorities (as has happened, for example, in
Eastern Europe and North Africa). Technical developments have improved daily life – for
example, online banking and shopping, the use of mobile data services and voice over internet
protocol (VolP) telephony are just some examples of how far the integration of ICTs into our
daily lives has advanced.
However, the growth of the information society is accompanied by new and serious threats.
Essential services such as water and electricity supply now rely on ICTs. Cars, traffic control,
elevators, air conditioning and telephones also depend on the smooth functioning of ICTs.
Attacks against information infrastructure and internet services now have the potential to harm
society in new and critical ways. Attacks against information infrastructure and internet services
have already taken place. Online fraud and hacking attacks are just examples of computer
related crimes that are committed on a large scale every day. The financial damage caused by
cybercrime is reported to be enormous.
In 2003 alone, malicious software caused damages of up to USD 17 billion. By some

estimates, revenues from cybercrime exceeded USD 100 billion in 2007, outstripping the illegal
trade in drugs for the first time. Nearly 60 percent of businesses in the United States believe
that
cybercrime is more costly to them than physical crime. These estimates clearly demonstrate
the importance of protecting information infrastructure. Most of the above-mentioned attacks
against computer infrastructure are not necessarily targeting critical infrastructure. However,
the malicious software “Stuxnet” that was discovered in 2010 underlines the threat of attacks
focusing on critical infrastructure. The software, with more than 4 000 functions, focused on
computer systems running software that is typically used to control critical infrastructure.
Committing a cybercrime automatically involves a number of people and businesses, even if

the offender acts alone. Due to the structure of the internet, the transmission of a simple e-mail
requires the service of a number of providers. In addition to the e-mail provider, the
transmission involves access providers as well as routers who forward the e-mail to the
recipient. The situation is similar for the downloading of movies containing child pornography.
The downloading process involves the content provider who uploaded the pictures (for
example on a website), the hosting provider who provided the storage media for the website,
the routers who provided the files to the user, and finally the access provider who enabled the
user to access the internet. Because of this improvement by multiple parties, internet service
providers have long since been at the center of criminal investigations involving offenders who
use the ISPs’ services to commit an offense.
One of the main reasons for this development is that, even when the offender is acting from
abroad, the providers located within the country’s national borders are a suitable subject for
criminal investigations without violating the principle of national sovereignty. That fact that, on
the one hand, cybercrime cannot be committed without the involvement of providers, and, on
the other hand, providers often do not have the ability to prevent these crimes.
The answer to the question is critical for economic development of the ICT infrastructure.
Providers will only operate their services if they are able to avoid criminalization within their
regular mode of operation. In addition, law enforcement agencies also have a keen interest in
this question. The work of law enforcement agencies very often depends on cooperation of,
and with, internet providers. This raises some concern, since limiting the liability of internet
providers for acts committed by their users could have an impact on the ISPs’ cooperation and
support for cybercrime investigations, as well as on the actual prevention of crime.
CHAPTER II What
is Cybercrime?
Cybercrime is an activity done using computers and internet. We can say that it is an unlawful
act wherein the computer either as a tool or target or both.
Cybercrime is any crime that takes place online or primarily online. That can run the gamut
from the aforementioned identity theft and other security breaches to things like
“revenge porn”, cyber-stalking, harassment, bullying and even child sexual exploitation.
Terrorists are collaborating more on the internet, moving that most terrifying of crimes into
cyberspace.
HISTORY OF CYBERCRIME
The firsts recorded cybercrime took place in 1820. That is not surprising considering the fact
that the abacus which is thought to be the earliest form of a computer, has been around since
3500 B.C. In India, Japan ang China, the era of modern computer, however, began with the
analytical engine of Charles Babbage. The first spam e-mail took place in 1976 when it was
sent out over the ARPANT. The first virus was installed on an Apple computer in 1982 when a
high school student, Rich Skrenta, developed the EIK Cloner.
Cybercrime first started with hackers trying to break into computer networks. Some did it just
for the thrill of accessing high level security networks, but others sought to gain sensitive,
classified material. Eventually, criminals started to infect computer systems with computer
viruses, which led to breakdowns on personal and business computers.
Banks and other financial institutions were amongst the first large scale computer users in the
private sector, for automate payroll and accounting functions. Therefore, fraud in a computer
scheme emerged. One of the first cited as an instance of the computer fraud involved
equityfunding corporation in the US, fraud was simple.
The frauds succeed because the auditors and regulators accepted computer printouts as
definitive evidence of policies and did not ask original documentation. When the fraud was
discovered, some 64,000 out of 97,000 policies allegedly issued by the company proved to be
false, almost 1 billion pounds estimated to be the loss.
Therefore, as the technological advance, the number of cybercrime cases increased. There is
no reliable and precise statistics of the losses the victims gain as the fact that victims do not
detect many of these crimes. Therefore, fights against computer crime began.
Several individuals were engaged in the fight against computer crime from the early
development. The founder and the father of the knowledge of computer crimes are by many
observers considered to be Donn B. Parker, USA. He was involved in the research of the
computer crime and security from the early 1970.
He served as a Senior Computer Security Consultant at the SRI International (Stanford

Research Institute), and was the main author of the first basic federal manual for law
enforcement in the USA: “Computer Crime – Criminal Justice Resource Manual” (1979). This
manual became soon an encyclopedia also for law enforcement outside US.
Development of Computer Crime and Cybercrime
The criminal abuse of information technology and the necessary legal response are issues that
have been discussed ever since the technology was introduced. Over the last 50 years,
various solutions have been implemented at the national and regional levels. One of the
reasons why the topic remains challenging is the constant technical development, as well as
the changing methods and ways in which the offenses are committed.
In the 1960s, the introduction of transistor -based computer systems, which were smaller and
less expensive than vacuum tube-based machines, led to an increase in the use of computer
technology. At this early stage, offenses focused on the physical damage to computer systems
and stored data. Such incidents were reported, for example, in Canada, where in 1969 a
student riot caused a fire that destroyed computer data hosted at the university. In the mid-
1960s, the United States started a debate on the creation of a central data-storage authority
for all ministries. Within this context, possible criminal abuse of databases and the related risks
to privacy were discussed.
In the 1970s, the use of computer systems and computer data increased further. At the end of
the decade, an estimated number of 100 000 mainframe computers were operating in the
United States. With falling prices, computer technology was more widely used within
administration and business, and by the public. The 1970s were characterized by a shift from
the traditional property crimes against computer systems that had dominated the 1960s, to
new forms of crimes. While physical damage continued to be a relevant form of criminal abuse
against computer systems, new forms of computer crime were recognized. They included the
illegal use of computer systems and the manipulation of electronic data. The shift from manual
to computer-operated transactions led to another new form of crime computer-related fraud.
Already at this time, multimillion dollar losses were caused by computer related fraud.
Computer-related fraud, in particular, was a real challenge, and law enforcement agencies
were investigating more and more cases. As the application of existing legislation in the
computer-crime cases led to difficulties, a debate about legal solutions started in different parts
of the world. The United States discussed a draft bill designed specifically to address
cybercrime. Interpol discussed the phenomena and possibilities for legal response.
In the 1980s, personal computers became more and more popular. With this development, the
number of computer systems and hence the number of potential targets for criminals again
increased. For the first time, the targets included a broad range of critical infrastructure. One
of the side effects of the spread of computer systems was an increasing interest in software,
resulting in the emergence of the first forms of software piracy and crimes related to patents.
The interconnection of computer systems brought about new types of offence. Networks
enabled offenders to enter a computer system without being present at the crime scene. In
addition, the possibility of distributing software through networks enabled offenders to spread
malicious software, and more and more computer viruses were discovered. Countries started
the process of updating their legislation so as to meets the requirements of a changing criminal
environment. International organizations also got involved in the process. OECD and the
Council of Europe set up study groups to analyze the phenomena and evaluate possibilities for
legal response.
The introduction of the graphical interface (“WWW”) in the 1990s that was followed by a rapid
growth in the number of internet users led to new challenges. Information legally made
available in one country was available globally – even in countries where the publication of
such information was criminalized. Another concern associated with online services that turned
out to be especially challenging in the investigation of transnational crime was the speed of
information exchange. Finally, the distribution of child pornography moved from physical
exchange of books and tapes to online distribution through websites and internet services.
While computer crimes were in general local crimes, the internet turned electronic crimes into
transnational crime. As a result, the international community tackled the issue more intensively.
UN General Assembly Resolution 45/121 adopted in 1990 and the manual for the prevention
and control of computerrelated crimes issued in 1994 are just two examples.
As in each preceding decade, new trends in computer crime and cybercrime continued to be
discovered in the 21st century. The first decade of the new millennium was dominated by new,
highly sophisticated methods of committing crime, such as “phishing”, and “botnet attacks”,
and the emerging use of technology that is more difficult for a law enforcement to handle and
investigate such “voice-over IP (VoIP) communication” and “cloud computing”. It is not only the
methods that changed, but also the impact. As offenders became able to automate attacks, the
number of offences increased. Countries and regional and international organizations have
responded to the growing challenges and given response to cybercrime high priority.
What is Cybercrime?
Cybercrime consists of illegal activity conducted on a computer. Traditional crimes may be

committed while using a computer, but cybercrimes consists of more specific types of crimes,
such as phishing schemes and viruses.
Cybercrime or computer-oriented crime, is crime that involves a computer and a network.

The computer may have been used in the commission of a crime, or it may be the target.
Cybercrimes can be defined as: “Offenses that are committed against individuals or groups of
individuals with a criminal motive to intentionally harm the reputation of the victim or cause
physical or mental harm, or loss, to the victim directly or indirectly, using modern
telecommunication networks such as Internet (networks including but not limited to chat rooms,
emails, notice boards and groups) and mobile phones (Bluetooth/SMS/MMS)”.
Cybercrime may threaten a person or a nation’s security and financial health. Issues
surrounding these types of crimes have become high profile, particularly those surrounding
hacking, copyright infringement, unwarranted mass-surveillance, sextortion, child pornography,
and child grooming.
There are also problems of privacy when confidential information is intercepted or disclosed,
lawfully or otherwise.
Debarati Halder and K. Jaishankar further define cybercrime from the perspective of gender
and define ‘cybercrime against women’ as “Crimes targeted against women with a motive to
intentionally harm the victim psychologically and physically, using modern telecommunication
networks such as internet and mobile phones”. Internationally, both governmental and non-
state actors engage in cybercrimes, including espionage, financial theft, and other cross-
border crimes. Cybercrimes crossing international borders and involving the actions of at least
one nation start is sometimes referred to as cyberwarfare.
A report (sponsored by McAfee) estimates that the annual damage to the global economy is at
$445 billion; however, a Microsoft report shows that such survey-based estimates are
“hopelessly flawed” and exaggerate the true losses by orders of magnitude. Approximately
$1.5 billion was lost in 2012 to online debit and credit card fraud in the US. In 2016, a study by
Juniper Research estimated that the costs of cybercrime could be as high as 2.1 trillion by
2019.
There has been confusion on the criteria used to determine the definition of the term Cyber
Crimes or computer crimes. Some argued that, it is any crime that involves the use of
computer; some argued that, it is a crime in the presence of computer. However, some have
criticized the categorization of cybercrime. Don Gotternbarn argued that, there is nothing
special on the crimes that happen to involve computers. Is it possible for a crime being
categorized in accordance to a tool, equipment, mechanism or means through which it was
committed? If that’s so, how many categories of crime would be there? How about the crime
committed through using a television, automobiles, scalpel, scissors, and other tools, can we
categorize each of them as individual crimes?
Concept of Cyber Crime (Gotternbarn)
In arguing against Gotternbarn, it is true that, we may not categorize other crimes in
accordance to tools, equipment, mechanism or means through which they were committed.
However, due to the nature and features of cyber crimes which differentiate, the traditional
universe and the cyber universe, led the traditional universe tremble like an earthquake, makes
crimes difficult to control than they were before, this initiates the concept of these crimes being
necessary categorized as Cyber Crimes.
Therefore, let Cyber Crimes be Cyber Crimes. Forester and Marrison argued that, cybercrime
is a criminal act in which a computer is used as a principal tool. In that matter, the theft of
computer hardware device, would not qualify as computer crime.
Is it true by using computer as the principal tool to commit a crime will amount to the computer
or cybercrime? For instance, in taxable transactions, in the case of data entry, can’t a person
commit fraud by just filling the wrong data into hardcopy version of tax forms which are the
same available in electronic forms?
Roy Girasa (2002) argued that, cybercrime is a generic term covering the multiplicity of crimes
found in penal codes or in legislation having the use of computers as a center component. To
him Ubiquity, global reach, universal standards, information richness, interactivity, information
density, personalization/customization, and social technology. As a result of these features, it
achieves unprecedented reach, and makes available vast amounts of information, of var ying
degrees of quality. Internet users cannot be regarded as a homogenous group.
Cybercrime is a crime as long as the penal codes and any other legislation clearly stipulate it
as involving not only the use of computers but the use of computers as the center component.
At the Tenth United Nations Congress on the Prevention of Crime and Treatment of Offenders,
in a workshop devoted to the issues of crimes related to computer networks, cyber crime was
broken into two categories and defined thus:
1. Cybercrime in a narrow sense (computer crime): Any illegal behavior directed by means
of electronic operations that targets the security of computer systems and the data
processed by them.
2. Cybercrime in a broader sense (computer-related crime): Any illegal behavior directed
by means of, or in relation to, a computer system or network, including such crimes as
illegal possession and offering or distributing information by means of computer system
or network.
Even though this definition is not completely definitive, however it gives us a good starting
point, for determining just what cybercrime means, by incorporating computer crime and
computer related crime.
Computer crime has two elements:

1. Computer
2. Crime
Therefore, in involves a crime in a relationship with a computer. The relationship could involve
the direct usage of a computer by the criminal as one of the first famous computer criminals
did.
However, the relationship can be also be indirect, the criminal cannot only use a computer to
commit this crime but can also use someone to make changes in a computer system, by
manipulating a key computer user. Thus, one being the exploitation of weaknesses in the
technical IT infrastructure, the other being exploitation of trust in social fabric of IT users within
the organization.
Cybersecurity and Cybercrime
“Cybersecurity is the collection of tools, policies, security concepts, security safeguards,

guidelines, risk management approaches, actions, trainings, best practices, assurance and
technologies that can be used to protect the cyber environment and organization and user’s
assets. Organization and user’s assets include connected computing devices, personnel,
infrastructure, applications, services, telecommunication systems, and the totality of
transmitted and /or stored information in the cyber environment. Cybersecurity strives to
ensure the attainment and maintenance of the security properties of the organization and
user’s assets against relevant security risks in the cyber environment.
Cyber security involves protection of sensitive personal and business information through
prevention, detection and response to different online attacks. Cyber security actually
preventing the attacks.
Cyber Security – Privacy Policy:
Before submitting your name, e-mail, address on a website, look for the sites privacy policy.
Keep Software Up to Date: If the seller reduces patches for the software operating system your
device, install them as soon as possible. Installing them will prevent attackers from being able
to take advantage. Use good password which will be difficult for thieves to guess. Do not
choose option that allows your computer to remember your passwords.
DISABLE REMOTE CONNECTIVITY
Some PDAs and phones are equipped with wireless technologies, such as Bluetooth, that can
be used to connect to other devices or computers. You should disable these features when
they are not in use.
ADVANTAGES OF CYBERSECURITY
The cyber security will defend us from critical attacks.

1. It helps us to browse the site, website.
2. Internet Security process all the incoming and outgoing data on your computer.
3. It will defend us from hacks and viruses.
4. Application of cyber security used in our PC needs update every week.
SAFETY TIPS TO CYBER CRIME

1. Use antivirus software
2. Insert Firewalls
3. Uninstall unnecessary software
4. Maintain backup
5. Check security settings
Cybercrime and cybersecurity are issues that can hardly be separated in an interconnected
environment. The fact that the2010 UN General Assembly resolution on cybersecurity
addresses cybercrime as one major challenge underlines this. Cybersecurity plays an
important role in the ongoing development of information technology, as well as internet
services. Enhancing cybersecurity and protecting critical information infrastructures are
essential to each nation’s security and economic well-being. Making the internet safer (and
protecting internet users) has become integral to the development of new services as well as
government policy.
Deterring cybercrime is an integral component of a national cybersecurity and critical

information infrastructure protection strategy. In particular, this includes the adoption of
appropriate legislation against the misuse of ICTs for criminal or other purposes and activities
intended to affect the integrity of national critical infrastructures. At the national level, this is a
shared responsibility requiring coordinated action related to prevention, preparation, response
and recovery from incidents on the part of government authorities, the private sector and
citizens. At the regional and international level, this entails cooperation and coordination with
relevant partners. The formulation and implementation of a national framework and strategy for
cybersecurity thus requires a comprehensive approach.
Cybersecurity strategies – for example, the development of technical protection systems or the
education or users to prevent them from becoming victims of cybercrime can help to reduce
the risk of cybercrime. The development and support of cybersecurity strategies are vital
element in the fight against cybercrime.
The legal, technical and institutional challenges posed by the issue of cybersecurity are global
and far reaching, and can only be addressed through a coherent strategy taking in to account
the role of different stakeholders and existing initiatives, within a framework of international
cooperation. In this regard, the World Summit on the Information Society (WSIS) recognized
the real and significant risks posed by inadequate cybersecurity and the proliferation of
cybercrime. the provision of 108-110 of the WSIS Tunis Agenda for the Information Society
including the Annex, set out a plan for multi-stakeholder Understanding crime: Phenomena,
challenges and legal response implementation at the international level of the WSIS Geneva
Plan of Action, describing the multi-stakeholder implementation process according to eleven
action lines and allocating responsibilities for facilitating implementation of the different action
lines. At WSIS, world leader and governments designated ITU to facilitate the implementation
of WSIS Action
Line C5, dedicated to building confidence and security in the use of ICTs. In this regard, the
ITU Secretary-General launched the Global Cybersecurity Agenda (GCA) on 17 May 2007,
alongside partners from governments, industry, regional and international organizations,
academic and research institutions. The GCA is a global framework for dialogue and
international cooperation to coordinate the international response to the growing challenges to
cybersecurity and to enhance confidence and security in the information society. It builds on
existing work, initiatives and partnerships with the objective of proposing global strategies to
address today’s challenges related to building confidence and security in the use of ICTs.
Within ITU, the GCA compliments existing ITU work programs by facilitating the
implementation of the three ITU Sectors’ cybersecurity activities, within a framework of
international cooperation.
The Global Cybersecurity Agenda has seven main strategic goals, built on five work areas:
1. Legal measures;
2. Technical and procedural measures;
3. Organizational structures;
4. Capacity building; and 5. International cooperation.
The fight against cybercrime needs a comprehensive approach. Given the technical measures
alone cannot prevent any crime, it is critical that law enforcement agencies are allowed to
investigate and prosecute cybercrime effectively. Among the GCA work areas, “Legal
measures” focuses on how to address the legislative challenges posed by criminal activities
committed over ICT networks in an internationally compatible manner. “Technical and
procedural measures” focuses on key measures to promote adoption of enhanced approaches
to improve security and risk management in cyberspace, including accreditation schemes,
protocols and standards.
“Organizational structures” focuses on the prevention, detection, response to and crisis
management of cyberattacks, including the protection of critical information infrastructure
systems. “Capacity building” focuses on elaborating strategies for capacity-building
mechanisms to raise awareness transfer know-how and boost cybersecurity on the national
policy agenda. Finally, “International cooperation” focuses on international cooperation,
dialogue and coordination in dealing with cyber threats.
The development of adequate legislation and within thus approach the development of a
cybercrime related legal framework is an essential part of a cybersecurity strategy. This
requires first of all the necessary substantive criminal law provisions to criminalize acts such as
computer fraud, illegal access, data interference, copyright violations and child pornography.
The fact that provisions exist in the criminal code that are applicable to similar acts committed
outside the network does not mean that they can be applied to acts committed over the
Internet as well. Therefore, a thorough analysis of current national laws is vital to identify any
possible gaps. Apart from substantive criminal law provisions, the law enforcement agencies
need the necessary tools and instruments to investigate cybercrime. Such investigations
themselves present a number of challenges. Perpetrators can act from nearly any location in
the world and take measures to mask their identity. The tools and instruments needed to
investigate cybercrime can be quite different from those used to investigate ordinary crimes.
Typology of Cyber Crime
The Convention on Cyber Crime distinguishes between four different types of offenses
1. Offences against the confidentiality, integrity, and availability of computer data and
systems, such as illegal access, illegal interception, data interference, system
interference, and misuse of devoice;
2. Computer-related offenses, such as computer-related forgery and computer-related
fraud;
3. Content-related offenses, such as offenses related to child pornography; and
4. Copyright-related offenses, such as offenses related to copyright infringement and
related rights.
Even though this typology of cybercrime is not wholly consistent, as the fourth category does
not focus on the object of legal protection but on the method, which in turn brings about
overlap between categories. Nonetheless, the categories serve as a useful basis for discussing
the phenomena of cybercrime globally.
The term “cybercrime” is used to cover a wide variety of criminal conduct. As recognized
crimes include a broad range of different offenses, it is difficult to develop a typology or
classification system for cybercrime.
One approach can be found in the Convention on Cybercrime, which distinguishes between
four different types of offenses:
1. Offenses against the confidentiality, integrity and availability of computer data and
systems;
2. Computer-related offenses;
3. Content-related offenses; 4. Copyright-related offenses.
This typology is not wholly consistent, as it is not based on a sole criterion to differentiate
between categories. Three categories focus on the object of legal protection: “offenses against
the confidentiality, integrity and availability of computer data and systems”; content-related
offenses; and copyright related offenses. The fourth category of “computer-related offenses”
109 does not focus on the object of legal protection, but on the method used to commit the
crime. This inconsistency leads to some overlap between categories.
In addition, some terms that are used to describe criminal acts (such as “cyberterrorism” or
“phishing”) cover acts that fall within several categories. Nonetheless, the four categories can
serve as a useful basis for discussing the phenomena of cybercrime.
Types of Cybercrime Description

1. Financial crimes Credit Card Fraud; Money Laundering
2. Cyber Pornography Pornographic Websites; Online Distribution
3. Online Gambling Millions of websites, all hosted on servers abroad, offer online
gambling
4. IP Crimes Software Piracy; Copyright Infringement; Trademarks Violations;
Theft of Computer Source Code.
5. Email Spoofing A spoofed email is one that appears to originate from one source but
actually has been sent from another source.
6. Cyber Defamation This occurs when defamation takes place with the help of computers
and/or the internet. E.g. someone publishes defamatory matter about
another on a website.
7. Cyber Stalking This involves following a person’s movements across the internet by
posting messages (sometimes threatening) on bulletin boards
frequented by the victim, entering chat-rooms frequented by the
victim, constantly bombarding the victim with emails etc.
8. Unauthorized Access Also known as hacking. Involves gaining access illegally to a
computer system or network and in some cases making
unauthorized use of this access. Hacking is also the act by which
other forms of cyber-crime (e.g. fraud, terrorism) are committed.
9. Theft Theft of any information contained in electronic from such as the
stored in computer hard disks, removal storage media, etc. Can
extend to identity theft.
10. Email Bombing This refers to sending a large number of emails to the victim resulting
in the victim’s email account (in case of an individual) or mail servers
(in case of accompany or an email service provider) crashing.
11. Salami Attacks These attacks are often used in committing financial crime and are
bases on the idea that an alteration, so insignificant, would go
completely unnoticed in a single case. E.g. a bank employee inserts
a program, into the bank’s servers, that deducts a small amount of
money (say 5 cents a month) from the account of every customer.
This unauthorized dept is likely to go unnoticed by an account holder.
12. Denial of Service This involved flooding a computer resource with more requests than
(DNS) Attack it can handle, causing the resource (e.g. a web server) to crash
thereby denying authorized users the service offered by the
resource. Another variation to a typical denial of service attack is
known as a Distributed Denial of Service (DDoS) attack wherein the
perpetrators are many and are geographically widespread. It is very
difficult to control such attacks and is often used in acts of civil
disobedience.
13. Virus/Worm Viruses are programs that attach themselves to a computer or a file
and then circulate themselves to other files and to other computers
on a network. They usually affect the data on a computer, either by
altering or deleting it. Worms, unlike viruses do not need the host to
attach themselves to. They merely make functional copies of
themselves and do this repeatedly till they eat up all the available
space on a computer’s memory.
14. Logic Bombs These are event dependent programs where programs kick into
action only when a certain event (known as a trigger event) occurs.
Some viruses may be termed logic bombs because they lie dormant
throughout the year and become active only on a particular date (e.g.
Chernobyl virus).
15. Trojan Attacks An unauthorized program which functions from inside what seems to
be an authorized program, thereby concealing what it is actually
doing.
16. Web Jacking This occurs when someone forcefully takes control of a website (by
cracking the password and later changing it).
17. Cyber-Terrorism Hacking designed to cause terror. Like conventional terrorism,
‘eterrorism” is utilizes hacking to cause violence against persons or
property, or at least cause enough harm to generate fear.
Classification of Computer Crimes
Computer crime encompasses a broad range of activities.
1. Financial fraud crimes – financial fraud can be broadly defined as an intentional act of
deception involving financial transactions for purpose of personal gain. Fraud is a crime,
and is also a civil law violation.
2. Internet fraud – means trying to trick or scam someone else using the internet. This
usually means that the person who is being tricked loses money to the people
scamming them. Internet fraud can take place on computer programs such as chat
rooms, e-mail, message boards, or web sites.
3. Computer fraud – is any dishonest interpretation of fact intended to let another to do or

refrain from doing something which causes loss. In this context, the fraud will result in
obtaining a benefit by:
a. Altering in an unauthorized way. This requires little technical expertise and is a
common form of theft by employees altering the data before entry or entering false
data, or by entering unauthorized instructions or using unauthorized processes;
b. Altering, destroying, suppressing, or stealing output, usually to conceal unauthorized
transactions. This is difficult to detect;
c. Altering or deleting stored data;
4. Other forms of fraud may be facilitated using computer systems, including
✓ Bank fraud – is the of potentially illegal means to obtain money, assets, or other
property owned or held by a financial institution, or to obtain money from depositors
by fraudulently posing as a bank or other financial institution. For this reason, bank
fraud is sometimes considered a white-collar crime.
✓ Carding – is a form of credit card fraud in which a stolen credit card is used to
charge prepaid cards. Carding typically involves the holder of the stolen card
purchasing store-branded gift cards, which can then be sold to others or used to
purchase other goods that can be sold for cash.
✓ Identity theft – also known as identity fraud, is a crime in which an imposter obtains
key pieces of personally identifiable information, such as Social Security or driver’s
license numbers, in order to impersonate someone else.
✓ Extortion – (also called shakedown, outwrestling and exaction) is a criminal offense
of obtaining money, property, or services from an individual or institution, through
coercion.
✓ Theft of classified information o classified information is sensitive information to
which access is restricted by law or regulation to particular classes of people. A
formal security clearance is required to handle classified documents or access
classified data. The operation of assigning the level of sensitivity to data is called
data classification.
A variety of internet scams, many based on phishing and social engineering, target consumers
and businesses.
Cyberterrorism
Government officials and information technology security specialists have documented a
significant increase in internet problems and server scans since early 2001. But there is a
growing concern among government agencies such as Federal Bureau of Investigations (FBI)
and the Central Intelligence Agency (CIA) that such intrusions are part of an organized effort
be cyberterrorists, foreign intelligence services, or other groups to map potential security holes
in critical systems. A cyberterrorist is someone who intimidates or coerces government or an
organization to advance his or her political or social objectives by launching a computer-based
attack against computers, networks or the information stored on them.
Cyberterrorism in general can be defined as an act of terrorism committed through the use of
cyberspace or computer resources (Parker 1983). As such, a simple propaganda piece in the
internet that there will be bomb attacks during the holidays can be considered cyberterrorism.
There are also hacking activities directed towards individuals, families, organized by groups
within networks, tending to cause fear among people, demonstrate power, collecting
information relevant for ruining peoples’ lives, robberies, blackmailing etc.
Cyber-extortion
Cyber-extortion occurs when a website, e-mail server, or computer system is subjected to or
threatened with repeated denial of service or other attacks by malicious hackers. These
hackers demand money in return for promising to stop the attacks and to offer “protection”.
According to the Federal Bureau of Investigation, cyber-crime extortions are increasingly
attacking corporate websites and networks, crippling their ability to operate and demanding
payments to restore their service. More than 20 cases are reported each month to the FBI and
many go unreported in order to keep the victim’s name out of the public domain. Perpetrators
typically use a distributed denial-of-service attack.
An example of cyberextortion was the attack on Sony Pictures of 2014.
Cyberwarfare
Sailors analyze, detect and defensively respond to unauthorized activity within U.S. Navy
information systems and computer networks.
The U.S. Department of Defense (DoD) notes that the cyberspace has emerged as a
nationallevel concern through several recent events of geo-strategic significance. Among those
are included, the attack on Estonia’s infrastructure in 2007, allegedly by Russian hackers. “In
August 2018, Russia again allegedly conducted cyberattacks, this time in a coordinated and
synchronized kinetic and non-kinetic campaign against the country of Georgia. The December
2015 Ukraine power grid cyberattack has also been attributed to Russia and is considered the
first successful cyberattack on a power grid. Fearing that such attacks may become the norm
in the future warfare among nation-state, the concept of cyberspace operations impacts and
will be adapted by war fighting military commanders in the future.
Computer as a target
These crimes are committed by a selected group of criminals. Unlike crimes using the
computer as a tool, these crimes require the technical knowledge of the perpetrators. As such,
as technology evolves, so too does the nature of the crime. These crimes are relatively new,
having been existence for only as long as computers have which explains how unprepared
society and the world in general is towards combating these crimes. There are numerous
crimes of this nature committed daily on the internet:
Crimes that primarily target computer networks or devices include:

1. Computer viruses
2. Denial-of-service attacks
3. Malware (malicious code)
Computer as a tool
Internet fraud, Spamming, Phishing, and Carding (fraud)

When the individual is the main target of cybercrime, the computer can be considered as the
tool rather than the target. These crimes generally involve less technical expertise. Human
weaknesses are generally exploited. The damage dealt is largely phycological and intangible,
making legal action against the variants more difficult. These are the crimes which have
existed for centuries in the offline world. Scams, theft and the likes have existed even before
the development in high-tech equipment. The same criminal has simply been given a tool
which increases his potential pool of victims and makes him all the harder to trace and
apprehend.
What does Spamming mean?

Spamming is the use of electronic messaging systems like e-mails and other digital delivery
systems and broadcast media to send unwanted bulk messages indiscriminately. The term
spamming is also applied to other media like in internet forums, instant messaging, and mobile
text messaging, social networking spam, junk fax transmissions, television advertising and
sharing network spam.
Crimes that use computer networks or devices to advance other ends include:
✓ Fraud and identity theft (although this increasingly uses malware, hacking or phishing,
making it an example of both “computer as target” and “computer as tool” crime)
✓ Information warfare
✓ Phishing scams
✓ Spam
✓ Propagation of illegal obscene or offensive content, including harassment and threats
Phishing is mostly propagated via email. Phishing emails may contain links to other websites
that are affected by malware. Or, they may contain links to fake online banking or other
websites used to steal private account information.
Phishing is the fraudulent attempt to obtain sensitive information such as usernames,

passwords and credit card details by disguising one self as a trustworthy entity in an electronic
communication. Typically carried out by email spoofing or instant messaging, it often directs
users to enter personal information at a fake website which matches the look and feel of the
legitimate site. Phishing is an example of social engineering techniques being used to deceive
users. Users are often lured by communications purporting to be from trusted parties such as
social websites, auction sites, banks, online payment processors and IT administrators.
Obscene or offensive content

The content of websites and other electronic communications may be distasteful, obscene or
offensive for a variety of reasons. In some instances, these communications may be legal.
The extent to which these communications are unlawful varies greatly between countries, and
even within nations. It is a sensitive area in which the courts can become involved in arbitrating
between groups with strong beliefs.
One area of internet pornography that has been the target of the strongest efforts at
curtailment is child pornography, which is illegal in most jurisdiction in the world.
Online harassment
Various aspects needed to be considered when understanding harassment online.
Whereas, content may be offensive in a non-specific way, harassment directs obscenities and
derogatory comments at specific individuals focusing for example on gender, race, religion,
nationality, sexual orientation. This often occurs in chat rooms, through news groups, and by
sending hate-email to interested parties. Harassment on the internet also includes revenge
porn.
These are instances where committing a crime using a computer can lead to an enhanced
sentence. For example, in the case of United States v. Neil Scott, Kramer was served an
enhanced sentence according to the US Sentencing Guidelines §2G1.3(b)(3) for his use of a
cellphone to “persuade, induce, entice, coerce, or facilitate the travel of, the minor to engage in
prohibited sexual conduct”. Kramer argued that this claim was insufficient because his charge
included persuading through a computer device and his cellular phone technically is not a
computer. Although Kramer tried to argue his point, U.S. Sentencing Guideline Manual states
that the term computer means “an electronic, magnetic, optical, electrochemically, or other
highspeed data processing device performing logical, arithmetic, or storage functions, and
includes any data storage facility or communications facility directly related to or operating in
conjunction with such evidence”.
Connecticut was the U.S. state to pass a statue making it a criminal offense to harass
someone by computer. Michigan, Arizona, Virginia, and South Carolina have also passed laws
banning harassment by electronic means.
Harassment as defined in the U.S. computer statutes is typically distinct from cyber bullying in
that the former usually relates to a person’s “use a computer or computer network to
communicate obscene, vulgar, profane, lewd, lascivious, or indecent language, or make any
suggestion or proposal of an obscene nature, or threaten any illegal or immortal act”, while the
latter need not involve anything of a sexual nature.
Although freedom of speech is protected by law in most democratic societies (in the US this is
done by the First Amendment it does not include all types of speech. In fact, spoken or written
“true threat” speech/text is criminalized because of “intent to harm or intimidate”, that also
applies for online or any type of network related threats in written text or speech. The US
Supreme Court definition of “true threat” is “statements where the speaker means to
communicate a serious expression of an intent to commit an act of unlawful violence to a
particular individual or group”.
Drug trafficking
Darknet markets are used to buy and sell recreational drugs online. Some drug traffickers use
encrypted messaging tools to communicate with drug mules. The dark web sites Silk Road
was a major online marketplace for drugs before it was shut down by law enforcement (then
reopened under new management, and then shut down by law enforcement again). After Silk
Road 2.0 went down, Silk Road 3 reloaded emerged. However, it was just an older
marketplace named Diabolus Market, that used the name for more exposure from the brand’s
previous success.
CATEGORIES OF CYBER CRIME
We can categorize cybercrime in two ways.
1. The computer as a target :- using a computer to attacks other computer, e.g. Hacking,
virus/worms attacks, Dos attack etc.
2. The computer as weapon :- using a computer to commit real world crime e.g. cyber
terrorism, credit card fraud and pornography etc.
Diffusion of cybercrime
The broad diffusion of cybercriminal activities is an issue in computer crimes detection and
prosecution. According to Jean-Loup Richet (Research Fellow at ESSEC ISIS), technical
expertise and accessibility no longer acts as barriers to entry into cybercrime. Indeed, hacking
is much less complex than it was a few years ago, as hacking communities have greatly
diffused their knowledge through the Internet. Blogs and communities have hugely contributed
to information sharing: beginners could benefit from older hackers’ knowledge and advice.
Furthermore, hacking is cheaper than ever: before the cloud computing era, in order to spam
or scam one needed a dedicated server, skills in server management, network configuration
and maintenance, knowledge of Internet service provider standards etc. By comparison, a mail
software-as-a service is a scalable inexpensive, bulk, and transactional e-mail-sending service
for marketing purposes and could be easily set up for spam. Jean-Loup Richet explains that
cloud computing could be helpful for cybercriminal as a way to leverage his attack – brute-
forcing a password, improve the reach of a botnet, or facilitating a spamming campaign.
Investigation
A computer can be a source of evidence (see digital forensics). Even when a computer is not
directly used for criminal purposes, it may contain value to criminal investigators in the form of
a logfile. In most countries are required, by law, to keep their logfiles for a predetermined
amount of time. For example; a European wide Data Retention Directive (applicable to all EU
member states) states that all E-mail traffic should be retained for a minimum of 12 moths.
Methodology of cybercrime investigation
There are many ways for cybercrime to take place, and investigators tend to start with an IP
address trace, however that is not necessarily a factual basis upon which detectives can solve
a case. Different types high-tech crime may also include elements a low-tech crime, and vice
versa, making cybercrime investigators an indispensable part of modern law-enforcement.
Methodology of cybercrime detective work is dynamic and is constantly improving, whether in
close police units, or in international cooperation framework.
Legislation
Due to easily exploitable laws, cybercriminals use developing countries in order to evade
detection and prosecution from law enforcement. In developing countries, such as the
Philippines, laws against cybercrime is weak or sometimes nonexistent. These weak laws
allow cybercriminals to strike form international borders and remain undetected. Even when
identified, these criminals avoid being punished or extradited to a country, such as the United
States, that has developed laws that allow for prosecution. While this proves difficult in some
cases, agencies, such as the FBI, have used deception and subterfuge to catch criminals. For
examples, two Russian hackers had been evading the FBI for some time. The FBI set up a
fake computing company based on Seattle, Washington. They proceeded to lure the two
Russian men into the United States by offering them work with this company. Upon completion
of the interview, the suspects were arrested outside of the building. Clever tricks like this are
sometimes a necessary part of catching cybercriminals when weak legislation makes it
impossible otherwise. President Barack Obama released in an executive order in April 2015 to
combat cybercrime. The executive order allows United States to freeze assets of convicted
cybercriminals and block their economic activity within the United States. This is some of the
first solid legislation that combats cybercrime in this way.
The European Union adopted directive 2013/40/EU. All offenses of the directive, and other
definitions and procedural institutions are also in the Council of Europe’s Convention on
Cybercrime.
Penalties
Penalties for computer related crimes in New York State can range from a fine and a short
period of jail time for a Class A misdemeanor such as unauthorized use of a computer up to
computer tampering in the first degree which is a Class C felony and can carry 3 to 15 years in
prison.
However, some hackers have been hired as information security experts by private companies
due to their inside knowledge of computer crime, a phenomenon which theoretically could
create perverse incentives. A possible counter to this is for courts to ban convicted hackers
from using the internet or computers, even after they have been released form prison though
as computers and the internet become more and more central to everyday life, this type of
punishment may be viewed as more and more harsh and draconian. However, nuanced
approaches have been developed that manage cyber offender behavior without resorting to
total computer or internet bans. These approaches involve restricting individuals to specific
devices which are subject to computer monitoring or computer searches by probation or parole
officers.
Awareness
As technology advances and more people rely on the internet to store sensitive information
such as banking or credit card information, criminals increasingly attempt to steal that
information. Cybercrime is becoming more of a threat to people across the world. Raising
awareness about how information is being protected and the tactics criminals use to steal that
information continues to grow in importance. According to the FBI’s Internet Crime Complaint
Center in 2014 there where 269,422 complaints filed. With all the claims combined there was a
reported total loss of $800,492,073. But cybercrime does not yet seem to be on the average
person’s radar. There are 1.5 million cyber-attacks annually, that means that there are over
4,000 attacks a day, 170 attacks every hour, or nearly three attacks every minute, with studies
showing us that only 16% of victims had asked the people who were carrying out the attacks to
stop. Anybody who uses the internet for any reason can be a victim, which is why it is
important to be aware of how one is being protected while online.
Intelligence
As cybercrime is proliferated, a professional ecosystem has evolved to support individuals and

groups seeking to profit from cybercriminal activities. The ecosystem has become quite
specialized, including malware developers, botnet operators, professional cybercrime groups,
groups specializing in the sale of stolen content, and so forth. A few of the leading
cybersecurity companies have the skills, resources and visibility to follow the activities of these
individuals and group. A wide variety of information is available from these sources which can
be used for defensive purposes, including technical indicators such as hashes of infected
filesor malicious IPs/URLs, as well as strategic information profiling the goals, techniques and
campaigns of the profiled groups. Some of it is freely published, but consistent, on-going
access typically requires subscribing to an adversary intelligence subscription service. At the
level of an individual threat actor, threat intelligence is often referred to the actor’s “TTP”, or
“tactics, technique and procedures” as the infrastructure, tools, and other technical indicators
are often trivial for attackers to change.
Computer viruses are forms of code or malware programs that can copy themselves and
damage or destroy data and systems. When computer viruses are used on a large scale, like
with bank, government or hospital networks, these actions may be categorized as
cyberterrorism. Computer hackers also engage in phishing scams, like asking for bank account
numbers, and credit card theft.
Stalking Defined
Carrie walks back to her dorm room, but she cannot shake the feeling that she’s being
watched. Over the last two weeks, she has received several blocked calls to her cellphone.
Sometimes, she will answer the calls, and other times she lets it go to voicemail. When she
answers, no one speaks, and whoever it is does not leave a voicemail message. Carrie has
also been getting emails to her school account. The emails tell her that she is pretty, and there
will be comments about the pants or shirt she wore that day. Tonight, Carrie feels she needs to
talk to the police because she feels someone is stalking her.
The definition of stalking is when a perpetrator singles out a specific person and causes
the person emotional distress and causes the individual to fear for his or her life, safety,
or safety of others. A stalker can be a former boyfriend or girlfriend, an acquaintance or
stranger.
In order for stalking to be a crime, there has to be two or more occasions of visual or physical
proximity; non-consensual communication, either written or verbal; threats; or a combination of
any of these occasions. In the example, Carrie has had a combination of these occasions and
is being subjected to several types of stalking.
Types of Stalking
Stalking can occur in several forms.
The first type of stalking is when the perpetrator follows an individual and watches them. Maria
is being watched while she is walking back to her home. Her stalker is using surveillance
stalking to track and follow her. With surveillance stalking, the perpetrator is known to sit
outside the home, place of work, school, or other places that the individual usually go to
regularly. Along the surveillance stalking, there is cyber stalking.
Maria is also a victim of cyberstalking, which is the use of electronic means, such as the
internet or cellphones, to stalk victims. Cyberstalking is also considered unsolicited contact
from the perpetrator to the victim. The difference between cyberstalking and surveillance
stalking is that surveillance stalking is done in a physical sense, and cyberstalking is done
through technology and electronic means. The perpetrator has not made physical contact, so
the stalking is not considered aggravated stalking.
Another type of stalking is aggravated stalking. Aggravated stalking occurs when the
perpetrator restrains the victim, or violates an order of protection. Maria has not had any of
these happen to her, so her stalker is using surveillance stalking and cyberstalking. There are
also categories that try to define each type of stalker.
Types of Stalker
Actions define the type of stalking, but personalities combined with the actions define the type
of stalker:
1. Rejected Stalker – this type of stalker becomes upset when the friendship or romantic
relationship has ended. The rejected stalker is not only self-centered and jealous but
also over-dependent and persistent.
2. Resentful Stalker – the resentful stalker feels humiliated that the relationship has
ended and seeks revenge upon the victim. Resentful stalkers are often irrationally
paranoid and are known to verbally assault their victims.
3. Predatory Stalker – the predatory stalker seeks power and sexual gratification. They
will not make physical contact but will use surveillance to track the victim.
4. Intimacy Seeker – the intimacy seekers stalker seeks an intimate and romantic
relationship with the victim. When the stalker is rejected by the victim, he or she will
continually phone the victim, write the victim letters, and can become jealous and violent
if the victim enters into a relationship with someone else.
5. Incompetent Suitor – the incompetent suitor stalker usually has inadequate social
skills. They want a relationship with the victim but do not have the ability to realize he or
she is not meant to be with the victim.
6. Erotomania and Morbidly Infatuated – this type of stalker feels that the victim loves
them even though they may not have had any contact with the victim. The stalker is
usually paranoid, prefers suitors in a higher social class, and will repeatedly approach
the victim.
Cyberstalking is the use of the internet or other electronic means to stalk or harass an
individual, group, or organization. It may include false accusations, defamation, slander and
libel. It may also include monitoring, identity theft, threats, vandalism, solicitation for sex, or
gathering information that may be used to threaten, embarrass or harass.
Cyberstalking is often accompanied by real time or offline stalking. In many jurisdictions, such
as California, both are criminal offenses. Both are motivated by a desire to control, intimidate
or influence a victim. A stalker may be an online stranger or a person whom the target knows.
They may be anonymous and solicit involvement of other people online who do not even know
the target.
Cyberstalking is a criminal offense under various state anti-stalking, slander, and harassment
laws. A conviction can result in a restraining order, probation, or criminal properties against the
assailant, including jail.
Cyberstalking is a crime in which the attacker harasses a victim using electronic

communication, such as e-mail or instant messaging (IM), or messages posted to a web site or
a discussion group. A cyber stalker relies upon the anonymity afforded by the internet to allow
them to stalk their victim without being detected.
Online harassment, sometimes referred to as “cyber harassment”, usually pertains to
threatening or harassing emails, instant messages, or website entries. … To be considered
cyberstalking, the behavior must pose a credible threat of harm to the victim. All states have
anti-stalking laws, but the legal definitions vary.
CHAPTER III The Hacker, Hacking Tactics and The Victim
Who is the hacker?
Hacking emerged with the invention of computers. The term hacker has a variety of definitions.
Among computer professionals, it is applied to someone who is proficient at software
programming, debugging systems, or identifying vulnerabilities in a given computer, software
application, or computer network. These are valuable skills for computer programmers and
computer technicians. However, “hacker” has taken the negative meaning among the public
and in the media. Outside the computer industry, the term is now generally used to describe a
person with these skills who decides them to apply them toward a damaging or illegal purpose.
A hacker is an individual who uses computer, networking or other skills to overcome a

technical problem. The term hacker may refer to anyone with technical skills, but it often refers
to a person who uses his or her abilities to gain unauthorized access to systems or networks in
order to commit crimes. A hacker may, for example, steal information to hurt people via identity
theft, damage or bring down systems and often, hold those systems hostage to collect ransom.
The term hacker has historically been a divisive one, sometimes being used as a term of
admiration for an individual who exhibits a high degree of skill, as well as creativity in his or her
approach to technical problems. However, the term is more commonly applied to an individual
who uses this skill for illegal or unethical purposes.
There is a community, a shard culture, of expert programmers and networking wizards that
traces its history back through decades to the first time-sharing minicomputers and the earliest
ARPAnet experiments. The members of this culture originated the term ‘hacker’. Hackers built
the Internet. Hackers made the Unix operating system what it is today. Hackers make the
World Wide Web work. If you are part of this culture, if you have contributed to it and other
people in it know who you are and call you a hacker, you’re a hacker.
The hacker mindset is not confined to this software-hacker culture. There are people who
apply the hacker attitude to other things, like electronics and music, actually you can find it at
the highest levels of any science or art. Software hackers recognize these kindred sprits
elsewhere and may call them ‘hackers’ too and some claim that the hacker nature is really
independent of the particular medium of the hacker works in.
There is another group of people who loudly call themselves hackers but aren’t. These are
people (mainly adolescent males) who get a kick out breaking into computers and phreaking
the phone system. Real hackers call these people ‘crackers’ and want nothing to do with them.
Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that
being able to break security doesn’t make you a hacker any more than being able to hotwire
cars makes you an automotive engineer. Unfortunately, many journalists and writers have
been fooled into using the word ‘hacker’ to describe crackers; this irritates real hackers no end.
The basic difference is this: hackers build things, crackers break them.
Types of Hackers
The security community has informally used references to hat color as a way different types of
hacker are identified, usually divided into three types.
1. White hat
2. Black hat
3. Gray hat
White hat hackers, also known as ethical hackers, strive to operate in the public’s best
interest, rather than to create turmoil. Many white hat hackers work doing penetration, hired to
attempt to break into the company’s networks to find and report on security vulnerabilities. The
security firms then help their customers mitigate security issues before criminal hackers can
exploit them.
Black hat hackers intentionally gain unauthorized access to networks and systems with
malicious intent, whether to steal data, spread malware or profit form ransomware, vandalize
or otherwise damage systems or for any other reason including gaining notoriety. Black hat
hackers are criminals by definition because they violate laws against accessing systems
without authorization, but they may also engage in other illegal activity, including identity theft
and distributed denial-of-service attacks.
Gray hat hackers fall somewhere between white hat hackers and black hat hackers. While
their motives maybe similar to those of white hat hackers, gray hats are more likely than white
hat hackers to access systems without authorization; at the same time, they are more likely
than black hat hackers to avoid doing unnecessary damage to the systems they hack.
Although they aren’t typically-or only-motivated by money, gray hat hackers may offer to fix
vulnerabilities they have discovered through their own, unauthorized, activities rather than
using their knowledge to exploit vulnerabilities for illegal profit.
Hackers of all types participate in forums to exchange hacking information and tradecraft.
There are a number of hacker forums where white hat hackers can discuss or ask questions
about hacking. Other white hat forums offer technical guides with step-by-step instructions on
hacking.
Forums and marketplaces serving black hat hackers are often hosted on the dark web, and
offer black hat hackers with an outlet for offering, trading and soliciting illegal hacking services.
Criminal hackers, who sometimes lack their own technical skills, often use scripts and other
specifically designed software programs to break into corporate networks. This software may
manipulate network data network connection to gather intelligence about the workings of the
target system.
These scripts can be found posted on the internet for anyone, usually entry-level hackers, to
use. Hackers with limited skills are sometimes called script-kiddies, referring to their need to
use malicious scripts and their inability to create their own code. Advanced hackers might
study these scripts and then modify them to develop new methods.
The Hacker Attitude
1. The world is full of fascinating problems waiting to be solved.

2. No problem should ever have to be solved twice.
3. Boredom and drudgery are evil.
4. Freedom is good.
5. Attitude is no substitute for competence.
Hackers solve problems and build things, and they believe in freedom and voluntary mutual
help. To be accepted as a hacker, you have to behave as though you have this kind of attitude
yourself. And to behave as though you have the attitude, you have to really believe the
attitude.
But if you think of cultivating hacker attitudes as just a way to gain acceptance in the culture,
you’ll miss the point. Becoming the kind of person who believes these things is important for
you for helping you learn and keeping you motivated. As with all creative arts, the most
effective way to become a master is to imitate the mind-set of masters not just intellectually but
emotionally as well.
Unethical hacking can be called an illegal activity to get unauthorized information by modifying
a system’s features and exploiting its loopholes. In this world where most of the things happen
online, hacking provides wider opportunities for the hackers to gain unauthorized access to the
unclassified information like credit card details, email account details, and other personal
information.
Hacking techniques that are commonly used to get your personal information in an
unauthorized way.
Hacking techniques
1. Bait and switch
Using bait and switch hacking technique, an attacker can but advertising spaces on the
websites. Later, when a user clicks on the ad, he might get directed to a page that’s
infected with malware. This way, they can further install malware or adware on your
computer. The ads and download links shown in this technique are very attractive and
users are expected to end up clicking on the same.
2. Cookie theft
The cookies of a browser keep our personal data such as browsing history, username,
and passwords for different sites that we access. Once the hacker gets the access to
your cookie, he can even authenticate himself as you on a browser. A popular method
to carry out his attack is to encourage a user’s IP packets to pass through attacker’s
machine.
Also known as SideJacking or Session Hijacking, this attack is easy to carry out if the
user is not using SSL (https) for the complete session. On the websites where you enter
your password and banking details, it’s of utmost importance for them to make their
connections encrypted.
3. ClickJacking Attacks
ClickJacking is also known by a different name, UI Redress. In this attack, the hacker
hides the actual UI where the victim is supposed to click. This behavior is very common
in app download, movie streaming, and torrent websites. While they mostly employ this
technique to earn advertising dollars, others can use it to steal your personal
information.
In another word, in this type of hacking, the attacker hijacks the clicks of the victim that
aren’t meant for the exact page, but for a page where the hacker wants you to be. It
works by fooling an internet user into performing an undesired action by clicking on
hidden link.
4. Virus, trojan etc.
Virus or trojans are malicious software programs which get installed into the victim’s
system and keeps sending the victims data into the hacker. They can also lock your
files, serve fraud advertisement, divert traffic, sniff your data or spread on all the
computer connected to your network.
5. Phishing
Phishing is a hacking technique using which a hacker replicates the most-accessed

sites and traps the victim by sending that spoofed link. Combined with social
engineering, it becomes one of the most commonly used and deadliest attack vectors.
Once the victim tries to login or enters some data, the hacker gets that private
information of the target victim using the trojan running on the fake site. Phishing via
iCloud and Gmail attack was the attack route taken by the hackers who targeted the
“Frappening” leak, which involved numerous Hollywood female celebrities.
6. Eavesdropping (Passive Attacks)
Unlike other attacks which are active in nature, using a passive attack, a hacker just
monitors the computer systems and networks to gain some unwanted information.
The motive behind eavesdropping is not to harm the system but to get some information
without being identified. These types of hackers can target email, instant messaging
services, phone calls, web browsing, and other methods of communication. Those who
indulge in such activities are generally black hat hackers, government agencies, etc.
7. Fake WAP
Even just for fun a hacker can use software to fake a wireless access point. This WAP
connect to the official public place WAP. Once you connected the fake WAP, a hacker
can access your data, just like in the above case.
It’s one of the easier hacks to accomplish and one just needs a simple software and
wireless network. Anyone can name their WAP as some legit name like “Heathrow
Airport WiFi” ore “Starbucks WiFi” and start spying on you. One of the best ways to
protect yourself from such attack is using a quality VPN service.
8. Waterhole attacks
If you are a big fan of Discovery or National Geographic channels, you could relate
easily with the waterhole attacks. To poison a place, in this case, the hacker hits the
most accessible physical point of the victim.
For example, if the source of a river is poisoned. It will hit the entire stretch of animals
during summer. In the same way, hackers target the most accessed physical location to
attack the victim. That point could be a coffee shop, a cafeteria, etc.
Once hackers are aware of your timings using this type of hacking, they might create a
fake WiFi access point and modify your most visited website to redirect them to you to
get your personal information. As this attack collects information on a user from a
specific place, detecting the attacker is even harder. One of the best ways to protect
yourself against such type of hacking attacks is to follow basic security practices and
keep your software/OS updated.
9. Denial of Service (DoS\DDoS)
a Denial of Service attack is a hacking technique to take down a site or server by

flooding that site or server with a lot of traffic that the server is unable to process all the
requests in the real time and finally crashes down. This popular technique, the attackers
flood the targeted machine with tons of requests to overwhelm the resources, which, in
turn, restrict the actual requests from being fulfilled.
For DDoS attacks, hackers often deploy botnets or zombie computers which have got
the only work to flood your system with request packets. With each passing year, as the
malware and types of hackers keep getting advanced, the size of DDoS attacks keeps
getting increased.
10. Keylogger
Keylogger is a simple software that records the key sequence and strokes of your
keyboard into a log file on your machine. These log files might even contain your
personal email IDs and passwords. Also known as keyboard capturing, it can be either
software or hardware. While software-based keyloggers target the programs installed
on a computer, hardware devices target keyboards, electromagnetic emissions,
smartphone sensors, etc.
Keylogger is one of the main reasons why online banking sites give you an option to
use their visual keyboards. So, whenever you’re operating a computer in public setting,
try to take extra caution.
Hacker vs. Cracker
The term hacker was first used in 1960s to describe a programmer or an individual who, in an
era of highly constrained computer capabilities, could increase the efficiency of computer code
in a way that removed, or “hacked”, excess machine-code instructions from a program. It has
evolved over the years to refer to a person with an advanced understanding for computers,
networking, programming or hardware.
For many in technology, the term hacker is best applied to those who use their skills without
malicious intent, but over time the term has been applied to people who use their skills
maliciously. To counter the trend of labeling skillful technologies as criminals, the term cracker
was proposed for criminal hackers, with the intention of removing the stigma from being
labeled a hacker.
Within the hacker-cracker framework, hackers are those who seek to identify flaws in security
systems and work to improve them, including security experts tasked with locating and
identifying flaws in systems and fixing those vulnerabilities. Crackers, on the other hand, are
intent on breaching computer and network security to exploit those flaws for their own gain.
While technologists have promoted use of the term cracker over the years, the distinction
between differently motivated hackers is more commonly referenced by the use of white hat,
gray hat or black hat. In general use, cracker hasn’t found much traction.
Famous Hackers
While many famous technologists have been considered hackers, including Donald Knuth, Ken
Thompson, Vinton Cerf, Steve Jobs and Bill Gates, black hackers are more likely to gain
notoriety as hackers in mainstream accounts. Gates was also caught breaking into corporate
systems as a teenager before founding Microsoft.
Risk management typically falls into 8 areas:
1. Avoidance – take a close look at want information you store and what you need to store.
For example, 1-2 years after a purchase maybe you don’t need the credit card number
anymore and can blank it out with a permanent marker but still keep the receipt in case
of a tax audit.
2. Prevention – I think this self-explanatory, prevent access to data, prevent the removal of
data from business, etc.
3. Reduction – reduce a loss of it does occur. Take measure like placing limits on the
amount that can be withdrawn from a bank account at any time.
4. Separation – separate names from credit card numbers whenever possible. Separate
user names from passwords (store them in a separate databases). Separate customer
data from the internet by only accessing it on a computer that doesn’t have an internet
connection or email account.
5. Duplication – you actually want to reduce the duplication of customer data as the less
duplicates the less chances of theft but you may want to duplicate firewalls, etc.
6. Transfer – this is the biggest one, transfer the risk of storing credit card data to a
thirdparty processor like PayPal or your bank. Let them take the risk of storing credit
cards. Also, insurance is a form of transfer as you are transferring your risk to the
insurer.
7. Retention – as a last resort, be aware of the risk be risk your face but if you cannot
effectively manage it you must retain it or avoid it (by not engaging in business).
Cyber crime tactics: how to avoid becoming the victim
Cybercrime is on the rise, affecting millions of consumers and organizations all over the world.
Graham Day, author of December’s Book of the month, Security in the Digital World, says:
“Attackers are slowly discovering all the ways that devices can be used to attack others. As
this knowledge develops, the number and sophistication of attacks also increase”.
It’s important to be aware of the tactics cyber criminals use and how you can protect yourself.
How do cyber criminals attack?
Three methods that cyber criminals use to attack as defines Security in the Digital
World:
1. Social engineering: the attacker tries to manipulate you into giving them either your
information, or access to your computer so that they can get the information
themselves.
2. Malware: Malware is malicious software that will damage or harm your computer,
network or information with the sole intent of infecting your system.
3. Ransomware: Petya, Wanna Cry and Not Petya are all strains of ransomware that
affected the computer systems of organizations worldwide. Ransomware is a type of
malware that is delivered by social engineering and blocks access to the information
stored on your device/system.
These methods may be used on their own, or you could fall victim to an attack that uses a
combination. The attacker uses more than one type of communication to make you more
confident that you are not being duped or manipulated.
How to protect yourself from cybercrime

There are some basic precautions everyone using the internet should take to protect
themselves from the gamut of cybercrimes out there:
1. Use a full-service internet security suite such as Norton Security Premium to ensure that
you are protecting yourself against viruses, as well as other emerging threats on the
internet.
2. Use strong passwords, don’t repeat your passwords on different sites and make sure to
change your passwords regularly. A password management application can help you to
keep your passwords locked down.
3. Keep all your software updated. This is most important with your operating systems and
internet security sites. Hackers are most likely to use known exploits in your software to
gain access to your system. Patching those exploits makes it far less likely that you’re
going to be a victim.
4. Manage your social media settings to keep most of your personal and private
information locked down. Social engineering cybercriminals can often get your personal
information with just a few data points, so the less you share with the broader world, the
better.
5. Secure your home network with a strong encryption password as well as a VPN. A VPN
will encrypt all traffic leaving your devices until it arrives at its destination. Even if a
hacker manages to get in your communication line, they won’t intercept anything but
encrypted traffic.
6. Talk to your children about acceptable use of the internet without shutting down
communication channels. Make sure they know that they can come to you in the event
that they’re experiencing any kind of online harassment, bullying or stalking.
7. Keep up to date on major security breaches. If you have an account on a site that’s
been impacted by a security breach, find out what the hackers know and change your
password immediately.
8. If you believe that you’ve become a victim of a cybercrime, you need to alert the local
police and other law enforcement agencies who are also involved in the investigation of
cybercrimes. Even if the crime seems minor this is important, as you are helping to
prevent criminals from taking advantage of other people in the future.
Every citizen of a country has an obligation to do their part in the fight against cybercrimes. For
most people, that just means following a few simple, common-sense steps to keep you and
your family safe, as well as reporting cybercrimes to the relevant officials at the appropriate
time.
When you do that, you’re pulling your weight in the war on cybercrime.

Module 1 Cybercrime Estrada-1-1

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Module 1 Cybercrime Estrada-1-1

Uploaded by

Copyright:

Available Formats

DATA CENTER COLLEGE OF THE PHILIPPINES

COLLEGE OF CRIMINAL JUSTICE EDUCATION LAOAG CITY

3. International environmental strategies to link national, multinational and international

“AS THE WORLD IS INCREASINGLY INTERCONNECTED, EVERYONE SHARES THE

CHAPTER I The Computer and the Internet

What does computer mean?

Computers are usually categories into three general categories:

Six of the most widely used input devices are:

Common storage media are:

Different Types of Internet Connections

Although the development of new technologies is focuses mainly on meeting consumer

Advantages Risks of Information and Communication Technologies (ICTs)

In 2003 alone, malicious software caused damages of up to USD 17 billion. By some

Committing a cybercrime automatically involves a number of people and businesses, even if

He served as a Senior Computer Security Consultant at the SRI International (Stanford

Development of Computer Crime and Cybercrime

Cybercrime consists of illegal activity conducted on a computer. Traditional crimes may be

Cybercrime or computer-oriented crime, is crime that involves a computer and a network.

Concept of Cyber Crime (Gotternbarn)

Computer crime has two elements:

Cybersecurity and Cybercrime

“Cybersecurity is the collection of tools, policies, security concepts, security safeguards,

Cyber Security – Privacy Policy:

DISABLE REMOTE CONNECTIVITY

The cyber security will defend us from critical attacks.

SAFETY TIPS TO CYBER CRIME

Deterring cybercrime is an integral component of a national cybersecurity and critical

Typology of Cyber Crime

Types of Cybercrime Description

Classification of Computer Crimes

Computer crime encompasses a broad range of activities.

3. Computer fraud – is any dishonest interpretation of fact intended to let another to do or

An example of cyberextortion was the attack on Sony Pictures of 2014.

Crimes that primarily target computer networks or devices include:

Internet fraud, Spamming, Phishing, and Carding (fraud)

What does Spamming mean?

Phishing is the fraudulent attempt to obtain sensitive information such as usernames,

Obscene or offensive content

CATEGORIES OF CYBER CRIME

We can categorize cybercrime in two ways.

Methodology of cybercrime investigation

As cybercrime is proliferated, a professional ecosystem has evolved to support individuals and

Stalking can occur in several forms.

Cyberstalking is a crime in which the attacker harasses a victim using electronic

CHAPTER III The Hacker, Hacking Tactics and The Victim

Who is the hacker?

A hacker is an individual who uses computer, networking or other skills to overcome a

The Hacker Attitude

1. The world is full of fascinating problems waiting to be solved.

1. Bait and switch

4. Virus, trojan etc.

Phishing is a hacking technique using which a hacker replicates the most-accessed

6. Eavesdropping (Passive Attacks)

9. Denial of Service (DoS\DDoS)

a Denial of Service attack is a hacking technique to take down a site or server by

Hacker vs. Cracker

Risk management typically falls into 8 areas:

Cyber crime tactics: how to avoid becoming the victim

How do cyber criminals attack?

How to protect yourself from cybercrime

You might also like