1

Running head: Cyber Crimes

Maher Aljahdali

Criminology

Cyber Crimes

Summer 2020
2
Cyber Crimes

The first cybercrime was in 1988. This kind of crime is still growing, and many may not

know the potential risks. From business to family, the danger is around as. The first hacker was

playing with his computer; he was not aware of what he was doing. Furthermore, the first large

(DDoS) attack was from Dr. Frankenstein; he was also unaware of the capability of his malicious

program. As a result, he became one of the first convicts of cybercrime. These new technologies

are still growing, and people are still growing knowledge about these technologies. The internet

of things is growing, and it will eventually be in every house. Cybercrime is more than just bank

account fraud; it also invades our privacy. Cybercrime includes fights between companies and

fighting between two governments and individuals fight. Vulnerabilities on the internet could

open us to great danger, such as stealing trade secrets as what is happening between Russia and

the USA or exposing an individual to great humiliation or a company.

Denial of service attack floods the target with many fake requests to fill the machine or

website's capacity.

Kinds of attacks.

* Buffer overflow. Send many requests to a website that will fill the website capacity to stop

customers from the websites or overwhelms them.

* ICMP floods. An attacker tries to damage the whole system with many fake requests, and the

attacker sends a request to the system, which needs the response.

* SYN flood. Requesting the server and never completing it will stop the typical user from using

the server.
3
Cyber Crimes

This kind of attack will stop many customers from using the website, which will lead to a

significant loss on a website such as an Amazon or any other popular website.

This type of attack could be minimal when the website makes an alternative server to take fake

requests.

Cross-Site Scripting.

According to MSSP, 40 percent of attacks on the internet are from Cross-site Scripting.

The attacker hacks the website, giving the attacker advantage to fake up any website page to let

the user uses it, as it is the original website he wanted, or inject the user with a program.

There are two types of cross-site Scripting.

* Reflected XSS. They inject the website content, which gives them the ability to infect all users

who used the source and steal their information.

* Stored XSS. This type will give the visitor another page as an ad to steal their information, as

you won an iPhone fill your name to get the gift.

SQL Injection.

This type of attack steals the database from a company that gives them information about

customers and much other sensitive information.

Type of SQL attack.

* Boolean. They send a request to test out the database, then work out a way to accomplish their

goal according to the results their getting.

* Time-based. Send request make delay in the system, which gives the attacker an idea if the
4
Cyber Crimes

work succeeded according to the outcome from the requests.

They may steal the whole database, which can be used for many reasons. To prevent these types

of attacks, use firewalls. SQL injection makes up 24 percent of cybercrime, according to MSSP.

Remote File Inclusion.

Affects vulnerabilities in websites where the attacker can take control over the site and execute

his code to the site. To these attacks, the site must be equipped with better security.

Credential Stuffing, and Brute Force Attack.

* Brute Force Attack. Will try as many passwords as possible, mostly a program that will try

many passwords until they reach the password.

* Credential Stuffing Attack. The attacker reused the old password or the stolen password and

username from another website or reused the stolen password in another site that the victim use.

In most businesses, the user needs to change his password monthly to limit these types of attacks.

However, many people use the same password for most of the sites that they use.

Social Engineers

play upon the victim to steal their identity or to steal confidential information. This type of attack

could harm companies, kids, and everyone. The attacker will look for sensitive information such

as product information or bank account or identity theft.

Type of Social Engineers.

* Biting to leave a USB or CD, somewhere to let someone else take it, this USB or CD are

infected with a spying program.

5
Cyber Crimes

* Phishing the attacker may fake up his identity to steal important information.

* Quid pro quo the attacker may ask for information to give something else that's desirable to the

victim, such as a woman's picture.

Moreover, the list goes on with this type of attack.

Internet of Things.

We rely on these types of devices to make our life easier—surveillance or a T.V, and many

other devices that we use in today's world.

These devices are connected with Bluetooth or directly with the router. An attack on these

devices could let them get to all the devices around, leading to sensitive information or privacy

invasion or sensitive devices. Most of these devices do not require a password or their original

manufacturer password 0000; they also are not equipped with advanced security or even an

update. According to Symantec, there were 5200 attacks per month involving the internet of

things. These types of attacks will grow as people come to understand technology.

finally Protecting family and business, with family monitor the kid's internet use, and only allow

safe sites to use, and always have antivirus. In the business, a cybersecurity team should manage

a policy. The policy should make employees change passwords frequently. Also, authentication

for their use, the policy should only allow them to use sites that the company uses and are not

allowed to use any other site than the business requires them to, and update to date all the

devices that need to be updated.

6
Cyber Crimes

Sources
https://www.imperva.com/learn/application-security/rfi-remote-file-inclusion/
https://www.imperva.com/learn/application-security/sql-injection-sqli/
https://www.imperva.com/learn/application-security/cross-site-scripting-xss-attacks/
https://owasp.org/www-community/attacks/xss/
https://www.msspalert.com/cybersecurity-breaches-and-attacks/5-most-common-web-
application-attacks/
https://www.imperva.com/learn/application-security/credential-stuffing/
https://www.akamai.com/uk/en/resources/what-is-a-botnet.jsp
https://digitalguardian.com/blog/what-social-engineering-defining-and-avoiding-common-social-
engineering-threats
https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos
https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/istr-2019-internet-
things-cyber-attacks-grow-more-diverse?om_ext_cid=biz_social3_AMS_NAM-IV_twitter_
https://www.webroot.com/blog/2019/04/23/the-evolution-of-cybercrime/
https://www.floridatechonline.com/blog/information-technology/a-brief-history-of-cyber-crime/
https://us.norton.com/internetsecurity-how-to-how-to-recognize-and-protect-yourself-from-
cybercrime.html