(ASSIGNMENT TEMPLATE ENGLISH VERSION)

(COVER PAGE)

< FACULTY >

< SEMESTER / YEAR>

< COURSE CODE> < COURSE TITLE>

MATRICULATION NO IDENTITY CARD NO. TELEPHONE NO. E-MAIL LEARNING CENTRE

: : : : :

<MATRIC NO> <IC NUMBER> <TELEPHONE> <EMAIL ID> <LEARNING CENTER>

OUMH1203

1.0

INTRODUCTION Cyber crime is not something new. The means by which criminals are able to

commit crimes has vastly changed in some respects thanks to the use of the Internet and computers. As technology advances, so does the ways in which criminals are able to pull off their horrendous deeds. With the Internet, crimes can now be committed more anonymously and with lightning speed. On the other hand, the same technology that allows criminals to engage in felonious acts is the exact same technology that helps law enforcement catches them. Some of the many crimes that are regularly committed with the facilitation of the Internet are child pornography, fraud, the sell and purchase of illegal guns or drugs, or other material that are protected by copyright. In the worst cases, cyber crimes can result in child abduction and molestation, and physical harm to victims. These crimes have forced lawmakers and legislators to look long at hard at the state of crimes in relation to the Internet, and what laws are in effect to protect and prevent such crimes from harming those at risk. In order to understand what makes a crime a "computer crime", one has to use their knowledge of computing in the crime. Computer crimes can be broken down into three categories: 1."Hacking" into someone's computer for the purpose of stealing by taking complete control over the information contained within, or gaining control over someone's computer in an effort to sabotage information or mess up the flow of information or crash the server. 2. Criminals use computers as ways to keep up with illegal contacts, such as drug dealers. A person who steals identities may use the computer to store stolen passwords, credit card info, and other sensitive information in furtherance of an illegal act. 3. The other way in which criminals utilize the computer to further illegal acts is through the act of communication. Email accounts on a computer can be used to set up any number of unlawful acts.

OUMH1203

2.0 2.1

CONTENT CLASSFIFICATION OF CYBER CRIME Today there is no clear classification of modus operandi for illegal interference in

computers, systems and networks functioning. On my opinion they can be divided in to 3 main groups: The first group: ways of direct access. It covers damaging, deletion, deterioration, alteration, suppression or copying of computer data, and also serious hindering without right of computer, system or network functioning by inputting corresponding commands from the computer where information is stored. Direct access may be made by both persons working with data (related to this work), and persons intentionally penetrating in restricted areas or premises, where information is processed. It is necessary to note that today mentioned ways are the least spread in view of decentralization of information processing. In other words it is easier to intercept computer information during its transfer via telecommunication channels or computer networks, than in case of direct penetrating in premises. Now and then in order to seize information left by the user, offender looks around workplaces of programmers for drafts. On this purpose criminal may examine and/or restore erased software. The second group includes ways of indirect (remote) access to information. Access without right to certain computer or information is made via computer networks from another computer, located at certain distance. Ways of indirect (remote) access are: 1. Connecting to telecommunication cables of authorized user (i.e. phone line) and obtaining access to his system. 2. Penetrating in other information systems by automated picking out of phone numbers of subscribers with further connection to their computers (picking out is carried out till the criminal receives the answer of the modem on the other side of phone line). It is necessary to note that attempt of unauthorized access may be detected easily. Thats why similar hack is carried out from several workplaces: at specified time several (more than 10) PCs perform attempt of unauthorized access. System security may prevent several attacks and others get desirable illegal access. One of the penetrated computers blocks network logging system that fixes all access attempts. In a result other penetrated 3

OUMH1203

computers may not be detected and allocated. Some of them start to hack certain subnetwork, other carry out fake operations in order to hinder functioning of the enterprise, institution, authority and cover up crime. 3. Penetrating in computer network with help of passwords, pretending to be an authorized user. Using this method violators crack password on purpose to access others computer. There is a number of specially developed software for these purposes. They may be purchased on the shadow computer market. Having got the right password (it takes less than 24 hours for choosing 8-digit password), illegal user obtains access to computer information and may use it whatever he likes: copy, delete, deteriorate, modify or suppress computer data, perform operations like wire transfers, forgery of payment orders, etc. as the authorized user. Methods of direct and electromagnetic interception are also referred to methods of indirect (remote) access to computer information. Direct interception is the simplest way of access without right. Intercept is made via external communication channels or by way of direct connection to cables of peripheral devices. At that cable and wire systems, land microwave systems, satellite communication systems and also government communication systems are the object of direct listening. Present day technical devices allow to obtain information directly without connecting to computer system: in result of emissions interception of central processors, display, communication channels, printer, etc. All this may be committed in enough distance from the object of interception. E.g. one may take information from computer located in a nearby room, building by using special equipment. Method of using bugs is one of the most spread electromagnetic interceptions. These bugs are sensitive microphones designed for listening of conversations of attendants. The third group is made up by mixed methods that may be committed both by direct and indirect (remote) access. They are: - Secret insertion of commands in programs that allow to perform new unplanned functions, making this program run able (program copies files, but simultaneously it deletes. (Program copies files, but simultaneously it deletes data on financial activity of enterprise); - alteration of programs by way of secret placing of command sets that should snap into action under specified conditions in some time. E.g. as soon as the program illegally 4

OUMH1203

transfers money funds to so called false account, it will self-destruct and delete all the data on the committed operation; - access to data bases and files of the authorized user through weak places in security systems. There arises an opportunity to read and examine information stored in the system, copy it, appeal for it in case of necessity. Thus one may appeal to data base of the competitor company and have an opportunity not only to analyze its financial state, but also obtain evident advantages in competition struggle; - using bugs in programs and flaws. The program is breaking and malefactor inputs some amount of certain commands that help to perform new unplanned functions, making this program run able. Thus, one may transfer money to false accounts, obtain info on real estate, identities, etc. Criminals may obtain passwords, keys, ids (by way of getting a list of users with all required info, documents in institutions where there is no control of documents preservation, listening of phone talks) and penetrate in computer system as authorized users. Systems with no authentic identification (e.g. identification by physiological features: fingerprints, eye retina, voice) are especially invulnerable in this relation. As it was already noticed, interference in computer, computer system and network operation without right may be connected to violating or threatening a person. Direct access to computer information connected to violating or threatening a person may occur in case when authorized user of other person after violating or under the threat of which, are forced to commit interference in computer, computer system and network operation without right. The damaging, deletion, deterioration, alteration or suppression of computer data without right is performed on the computer where information is stored. Indirect access to computer information connected to violating or threatening a person will take place in case of direct or electromagnetic interception of information from computer where it is stored (with further copying, deletion, alteration and suppression of computer data without right) is committed by a person, suffered violation. This action may be not compulsory committed by a person suffered violation in full extent. It is enough only to obtain passwords, ids, access cards, etc.

OUMH1203

Mixed methods of interference in computers, computer systems and networks operation without right may be committed the same way. For instance in case of physical influence (or threat) on programmers (operators) on purpose of inputting unplanned commands in program or its alteration: if violence occurs in order to detect flaws in security system, or other kinds of mistakes related to program structure, for its further use without right.

2.2 2.2.1

COMPARISON OF CYBER CRIMES IN MALAYSIA AND USA In Malaysia This year our nation experienced the first public health emergency being declared

by a government official regarding domestic violence. Nationwide, law enforcement officials indicate a dramatic increase in restraining orders as well as stalking cases that involve the use of technology. This is not good news for our nation's domestic violence and stalking victims. The Department of Justice statistical report of June 29, 2006 indicates on average, more than three women is murdered by their husbands or boyfriends in this country every day. Every 12 seconds a woman is beaten in this country as the result of domestic violence. The police report that domestic violence is the leading cause of injury to women between the ages of 15 to 44-more than car accidents, muggings, and rapes combined. Victim resources continue to be overwhelmed across the nation. Domestic violence victims' greatest service needs are for temporary and permanent safe housing, financial assistance, and counseling. In addition, domestic violence and stalking victims' also need access to social service support and advocacy, legal representation, vocational training and childcare. However, the victims needs don't stop there. The World Wide Web has created a new criminal epidemic known as cyber stalking. Cyber stalking impacts millions within the U.S. and a substantial number of cyber stalking victims are victims of domestic abuse. Far too often domestic violence victims become cyber stalking victims and our nation's resources and antiquated laws are not equipped to tackle these more difficult cases involving the use of technology. 6

OUMH1203

Domestic abusers have extended their reach in ways unlike ever before. For millions of domestic abuse victims' who are already the target of an abuser, and need to keep data from them it is particularly difficult in the 21st century primarily because of the on-line data furnishing industry and the many databases that house consumer private records information. Cyber stalking is a growing threat in our increasingly automated, technology-dependant society. Technology today allows for anyone including domestic abusers to harass and intimidate with no repercussions because their handiwork is nearly untraceable. Privacy protection is important to everyone; however, for victims of domestic violence privacy protection is far too often a matter of life or death. Domestic violence victims' who do the "right thing" and seek aid from government agencies and the courts create technological trails of their private lives in government records and on-line databases allowing for domestic abusers to become cyber stalkers with ease. Phone records, social security numbers, employment information, property records, credit information, medical records and more is available on-line today making a victims' path to freedom more difficult than ever before. 2.2.2

In USA The following is one case involving a famous series of DoS attacks: The Yahoo website was attacked at 10:30 PST on Monday, 7 Feb 2000. The attack lasted three hours. Yahoo was pinged at the rate of one gigabyte/second. The websites of amazon.com buy.com cnn.com eBay.com were attacked on Tuesday, 8 Feb 2000. Each attack lasted between one and four hours. CNN reported that the attack on its website was the first major attack since its website went online in August 1995.

The websites of E*Trade, a stock broker, and ZDNet, a computer information company, were attacked on Wednesday, 9 Feb 2000. About fifty computers at Stanford University, and also computers at the University of California at Santa Barbara, were amongst the zombie computers sending pings in these DoS attacks.

OUMH1203

The attacks received the attention of President Clinton and the U.S. Attorney General, Janet Reno. The FBI began to investigate. A CNN news report posted at 18:44 EST on 9 Feb 2000 quotes Ron Dick of the FBI's National Infrastructure Protection Center as saying "A 15-year-old kid could launch these attacks. It doesn't take a great deal of sophistication to do."

His remark was prophetic, because, on 18 April 2000, a 15-year-old pupil in Montral Canada was arrested and charged with two counts of "mischief to data" arising from his DoS attack on CNN. Because he was a juvenile, his name can not be publicly disclosed, so he was called by his Internet pseudonym Mafia boy. The Royal Canadian Mounted Police seized Mafia boys computer.

CNN reported that Mafia boy was granted bail, with the following conditions:
o o o

"may only use computers under the direct supervision of a teacher." "prohibited from connecting to the Internet" prohibited from entering "a store or company where computer services or parts are sold." "barred from communicating with three of his closest friends."

On 3 August 2000, Canadian federal prosecutors charged Mafia boy with 54 counts of illegal access to computers, plus a total of ten counts of mischief to data for his attacks on Amazon.com, eBay, Dell Computer, Outlaw.net, and Yahoo. Mafia boy had also attacked other websites, but prosecutors decided that a total of 66 counts were enough. Mafia boy pled not guilty.

In November 2000, Mafia boys bail was revoked, because he skipped school in violation of a court order. He spent two weeks in jail. In December 2000, Mafia boy, now 16 y old, dropped out of school (after being suspended from school six times since the beginning of that academic year, and failing all of his classes except physical education), and was employed at a menial job. He was again granted bail.

On 18 Jan 2001, Mafia boy pleaded guilty to 5 counts of mischief to data and 51 counts of illegal access to computers. As part of a plea agreement between his attorney and prosecutors, the prosecution dismissed the remaining ten counts.

OUMH1203

On 20 June 2001, a social worker reported to the court that Mafia boy "shows no sign of remorse" and "he's still trying to justify what he did was right." On 12 Sep 2001, Mafia boy was sentenced to spend eight months in a juvenile detention center, then spend one year on probation. Because Mafia boy was a child at the time of his crime, the maximum sentence that he could have received would be incarceration for two years. In issuing the sentence, Judge Gilles Ouellette commented: This is a grave matter. This attack weakened the entire electronic

communications system. And the motivation was undeniable; this adolescent had a criminal intent."

2.3

SUGGESTIONS It brings to light the crime of cyber stalking, the need to fortify current laws so as

to better protect potential victims, and what laws that exist today can do to help stop this rapidly expanding problem. To help shroud the public from this and other cyber crimes, many security measures need to be implemented such as: Tools used to filter and block unwanted contact from criminals to children, and other people who may be at risk. Programs should be implemented to teach children, parents and others about the importance of safe online conduct. Corporations need to work with law enforcement in an effort to curtail Internet crime, and to report suspicious activity to proper agencies. If we all work together, one day we may see a dramatic plummet in the amount and frequency of crimes as they relate to the Internet. Until that day, we all have an obligation to safeguard ourselves and our loved ones from cyber criminals and to report violations of inappropriate computer conduct.

OUMH1203

3.0

CONCLUSION In short, a separate ordinance for cyber crimes is in itself a step in the right

direction. After all, rule of law in any capacity always constitutes towards blossoming a trustworthy environment for business and individuals to work in. But merely passing a law has never been enough to curtail any crime; the real deterrent will be its implementation and awareness among the public. And if your are concerned for the security of your personal computer or if you are working for an organization there are many security software's are available in the market, but it is better to go for checkpoint certifications exams, Microsoft security exams or Cisco security exams for best protection of your own good, and preparing for any of these examswww.testkingdom.com is best and the most current and real versions of the exams you are looking for. You study with the most realistic material. (2859 words)

10

OUMH1203

4.0

REFERENCES

*Cybercrime More Profitable Than Drugs, NineMSN, More Info. **Identity Theft Statistics, Identity Protection Online, More Info. ***Eliminating Mobile Security Blindfolds, Tech News World, More Info. Krone, T., 2005. High Tech Crime Brief. Australian Institute of Criminology. Canberra, Australia. ISSN 1832-3413. 2005. Zeviar-Geese, G. 1997-98. The State of the Law on Cyberjurisdiction and Cybercrime on the Internet. California Pacific School of Law. Gonzaga Journal of International Law. Volume 1. 1997-1998.

11