Cyber crime and its types

Muhammad Khalid 20465 Alam Zeb 22439 Abdul Tawaab 35302

CYBER CRIME DEFINITIONS

The computer may have been used in the commission of a crime, or it may be the target.

Net crime refers to criminal exploitation of the Internet.

Cyber crimes are defined as: "Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm to the victim directly or indirectly, using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and groups) and mobile phones.

The Department of Justice categorizes cyber

crime in three ways:

The computer as a target - attacking the computers of others (spreading viruses is an example).

The computer as a weapon - using a computer to commit "traditional crime" that we see in the physical world (such as fraud or illegal gambling).

The computer as an accessory - using a computer as a "fancy filing cabinet" to store illegal or stolen information.

IDENTITY THEFT

Identity theft is a form of stealing another person's identity in which someone pretends to be someone else by assuming that person's identity, typically in order to access resources or obtain credit and other benefits in that person's name.

Identity Theft is a type of fraud in which perpetrators obtain and use victims' private information, like social security numbers, bank account numbers and driver's license numbers.

Types of Identity Theft

1.

Criminal identity theft (posing as another person when apprehended for a crime) Financial identity theft (using another's identity to obtain credit, goods and services) Identity cloning (using another's information to assume his or her identity in daily life) Medical identity theft (using another's identity to obtain medical care or drugs) Child identity theft

2.

3.

4.

5.

TECHNIQUES FOR IDENTITY THEFT

Retrieving personal data from redundant IT equipment and storage media including PCs, servers, PDAs, mobile phones & hard drives. Using public records about individual citizens. Stealing bank or credit cards, identification cards, passports, authentication tokens typically by pick pocketing, mail theft or house breaking. Using 'contact less' credit card readers to acquire data wirelessly from RFID enabled machines.

Advertising bogus job offers in order to accumulate resumes and applications typically disclosing applicants' names, home and email addresses, telephone numbers and banking details etc.

CREDIT CARD FRAUDS

Credit card fraud is a wide-ranging term for theft and fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to a obtain unauthorized funds from an account. Credit card frauds in the United Kingdom alone were estimated at 535 million.

Origin of credit card frauds

Stolen cards. Cards not present transactions Account take over Skimming Carding BIN attack

Fraudulent charge bank schemes

Famous credit card frauds.

Between July 2005 and mid-January 2007, a breach of systems at TJX Companies exposed data from more than 45.6 million credit cards. Albert Gonzalez is accused of being the ringleader of the group responsible for the thefts.

In August 2009 Gonzalez was also indicted for the biggest known credit card theft to date information from more than 130 million credit and debit cards was stolen at Heartland Payment Systems, retailers 7-Eleven and Hannaford Brothers, and two unidentified companies.

Laws of cyber crime in Pakistan

The new law Prevention of Electronic Crimes Ordinance, 2009 (same as Prevention of Electronic Crimes Ordinance, 2007 & 2008) lapsed, which was promulgated by the President of Pakistan. The Prevention of Electronic Crimes Ordinance, 2009 extended to the whole of Pakistan.

Will apply to every person who commits an offence under the said Ordinance irrespective of his nationality or citizenship whatsoever or in any place outside or inside Pakistan, having detrimental effect on the security if Pakistan or its nationals or national harmony or any property or any electronic system or data located in Pakistan.

Laws of cyber crime in Pakistan

The ordinance i.e. Prevention of Electronic Crimes Ordinance, 2008 gives exclusive powers to the Federal Investigation Agency (FIA) to investigate and charge cases against such crimes. The ordinance covers provision for illegal and criminal acts such as data access, data damage, system damage, electronic fraud, electronic forgery, spamming, spoofing, cyber terrorism etc.

Prevention of Electronic Crimes Ordinances sanction for identity theft and misuse of information.
Section 8 states that,

Whoever for wrongful gain interferes with data, electronic system or electronic device, with intent to cause damage or injury to the public or to any person, or to make any illegal claim or title or to cause any person to part with property or to enter into any express or implied contract, or with intent to commit fraud by any input, alteration, deletion, or suppression of data, resulting in unauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless of the fact that the data is directly readable and intelligible or not shall be punished with imprisonment for a term which may extend to seven years, or with fine or with both.

Prevention of Electronic Crimes Ordinances sanction

Section 10 states that

Whoever discloses or obtains any password, access as to code, system design or any other means of gaining access to any electronic system or data with intent to obtain wrongful gain, do reverse engineering or cause wrongful loss to any other unlawful purpose shall be punished with imprisonment of either description for a term which may extend to three years or with both.

Encryption

Encryption is the process of transforming information, using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as key.

Encryption is also used to protect data in transit, for example data being transferred via networks (e.g. the Internet, ecommerce), mobile telephones, wireless microphones, wireless intercom systems, Bluetooth devices and bank automatic teller machines.

Encryption

Encryption, by itself, can protect the confidentiality of messages, but other techniques are still needed to protect the integrity and authenticity of a message; for example, verification of a message authentication code (MAC) or a digital signature.
Digital signature and encryption must be applied at message creation time (i.e. on the same device it has been composed) to avoid tampering. Otherwise any node between the sender and the encryption agent could potentially tamper it.

Data stolen from Branch Premises.

Following data can be stolen from branches.

CNIC Record.
Back Up Tape ATM/Credit cards before delivery to customers. Wrongly delivered statements or letter of thanks. Cheque from credit card payment box Account opening forms and other forms containing customers information