Professional Documents
Culture Documents
Ict Contemporary Trends in Information and Communication Technology
Ict Contemporary Trends in Information and Communication Technology
Ict Contemporary Trends in Information and Communication Technology
COMMUNICATION TECHNOLOGY
In practice, cybercrime consists of criminal acts that are committed online by using
electronic communications networks and information systems - such as crimes specific
to the Internet, online fraud and forgery and illegal online content.
Criminals can also use computers for communication, documentation or data storage.
Criminals who perform these illegal activities are often referred to as hackers.
The cyber battle (battle against cyber crime) increases due to rapid adoption of
machine learning and artificial intelligence tools, as well as an increasing
dependency on software, hardware and cloud infrastructure.
(b) Crimes that use computer networks to advance other criminal activities
These types of crimes include cyber stalking, phishing, fraud or identity theft.
1
Causes of Cyber Crime:
Data Exfiltration
Organizations have lost control over sensitive and protected data. Cyber Criminals and
trusted employees are exfiltrating hundreds of gigabytes of sensitive data from
organizations daily. The increased use of unauthorized cloud applications and the
uncontrolled adoption of BYOD has weakened access controls, giving users a complete
access to large volumes of sensitive or classified data.
Social Engineering
2
Database Breaches
Uncontrolled identities and access control are exposing organizations. Identity and
access management processes and technologies are not well adopted in most local
organizations. Leading to unauthorized and inappropriate access to highly sensitive
information.
Insider Threats
Research indicates that over 80% of system related fraud and theft in 2015 are
perpetrated by employees and other insiders. It is shown that numerous cases of
privileged users probing systems for unauthorized access and attacking systems for a
variety of reasons include disgruntlement, revenge, and financial gain.
Cyber crimes are broadly categorized into three categories, namely crime against
Individual
This type of cybercrime can be in the form of cyber stalking, distributing illegal images
or photos, and trafficking.
Property
Just like in the real world where a criminal can steal and rob, even in the cyber world
criminals resort to stealing and robbing. In this case, they can steal a person’s bank
details and siphon off money; misuse the credit card to make numerous purchases
online; run a scam to get naïve people to part with their hard earned money; use
3
malicious software to gain access to an organization’s website or disrupt the systems of
the organization. The malicious software can also damage software and hardware, just
like vandals damage property in the offline world.
Government
Although not as common as the other two categories, crimes against a government are
referred to as cyber terrorism. If successful, this category can wreak havoc and cause
panic amongst the civilian population. In this category, criminals hack government
websites, military websites or circulate propaganda (eg Chemical Ali).
When any crime is committed over the Internet it is referred to as a cyber crime. We
classify cyber crime according to the following groups:
Hacking: This is a type of crime wherein a person’s computer is broken into so that his
personal or sensitive information can be accessed. This is different from ethical hacking,
which many organizations use to check their Internet security protection.
In hacking, the criminal uses a variety of software to enter a person’s computer and the
person may not be aware that his computer is being accessed from a remote location.
Theft: This crime occurs when a person violates copyrights and downloads music,
movies, games and software.
Cyber Stalking: This is a kind of online harassment wherein the victim is subjected to a
series of online messages and emails.
Identity Theft: In this cyber crime, a criminal accesses data about a person’s bank
account and other sensitive information to siphon money or to buy things online in the
victim’s name. It can result in major financial losses for the victim and even spoil the
victim’s credit history.
4
Malicious Software: These are Internet-based software or programs that are used to
disrupt a network. The software is used to gain access to a system to steal sensitive
information or data or causing damage to software present in the system
Types of cyber-crimes:
Computer Virus
The computer virus is the most well known type of cyber crime. A computer virus is a
computer program that piggybacks or attaches itself to application programs or other
executable system software; the virus subsequently activates, sometimes causing severe
damage to computer systems or files. The perpetrator may not steal assets but instead
creates havoc within the victim’s computer system. For this reason, a computer virus is
comparable to the manual crime of vandalism, in which the perpetrator does not steal
assets, but instead damages the victim’s
property.
Phishing
Phishing is occurs when the perpetrator sends fictitious emails to individuals with links
to fraudulent websites that appear official and cause the victim to release personal
information to the perpetrator. This information is then used for unauthorized purposes
such as fraudulent purchases, obtaining fraudulent loans, or identity theft.
Ransomware
A type of malicious software designed to block access to a computer system until a sum
of money is paid.
Malware
5
Botnet
A Botnet infection occurs when a hacker transmits instructions to other computers for
the purpose of controlling them. The hacker who disseminates the “bot” program is
referred to as a “herder.” Thousands of computers can be potentially infected. The
infected computers can then be used for various purposes such as spam distribution or
phishing. The legitimate owner of the computer usually does not know that it is
infected.
Spoofing
Spoofing occurs when the perpetrator uses email to gain the confidence of an individual
so that he or she provides personal information that is later used for unauthorized
purposes such as fraudulent purchases, obtaining fraudulent loans, or identity theft.
Spam is a key method used by email spoofers to trick individuals into providing their
personal information.
E-mail spoofing is a term used to describe fraudulent e-mail activity in which the
sender address and other parts of the e-mail header are altered to appear as though the
e-mail originated from a different source.
Email spoofing is used for spam e-mail and phishing to hide the origin of an e-mail
message. By changing certain properties of the e-mail, such as the From, Return-Path
and Reply-To fields (which can be found in the message header), ill-intentioned users
can make the e-mail appear to be from
someone other than the actual sender.
E-Bank Theft
E-bank theft occurs when a perpetrator hacks into a banking system and diverts funds
to accounts accessible to the perpetrator. To prevent e-bank theft, most major banks
severely limit what clients can do online. Fraudulent Internet banking sites are often
used to commit e-bank theft. The Internet can be used by criminals to establish fictitious
6
online banks that attract customer deposits with promises of extremely high interest
rates, after which the bank disappears with the money.
Netspionage
Netspionage occurs when perpetrators hack into online systems or individual PCs to
obtain confidential information for the purpose of selling it to other parties (criminals).
It is the use of email barrages, computer viruses, or other techniques to damage or shut
down online computer systems, resulting in loss of business.
Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations
in the TCP/IP protocol.
Software Piracy
Software piracy is the theft of intellectual assets associated with computer programs.
Software piracy results in loss of profits to companies and individuals who own the
software, while rewarding criminals who did not do the work or risk the resources
necessary to develop the software.
7
E-mail bombing
E-mail bombing refers to sending a large number of e-mails to the victim resulting in
the victim’s e-mail account (In case of Individual ) or mail servers (in case of a company
or an e-mail service provider) crashing.
Logic Bombs
In a computer program, a logic bomb is a programming code, inserted surreptitiously
or intentionally, that is designed to execute (or “explode”) under circumstances such as
the lapse of a certain amount of time or the failure of a program user to respond to a
program command.161 Software that is inherently malicious, such as viruses and
worms, often contain logic bombs that execute a certain payload at a pre-defined time
or when some other condition is met. This technique can be used by a virus or worm to
gain momentum and spread before being noticed. Many viruses attack their host
systems on specific dates, such as Friday the 13th or April fool’s Day. Trojans that
activate on certain dates are often called “time bombs”.
Cyber Terrorism:
Cyber terrorism is a deliberate usage of computer networks and public internet in order
to affect the personal objectives by using tools such as computer virus.
IT security
8
Information assurance
The act of providing trust of the information, that the Confidentiality, Integrity and
Availability (CIA) of the information are not violated, e.g. ensuring that data is not lost
when critical issues arise. These issues include, but are not limited to: natural disasters,
computer/server malfunction or physical theft. Since most information is stored on
computers in our modern era, information assurance is typically dealt with by IT
security specialists. A common method of providing information assurance is to have
an off-site backup of the data in case one of the mentioned issues arise.
Threats
Information security threats come in many different forms. Some of the most common
threats today are software attacks, theft of intellectual property, identity theft, theft of
equipment or information, sabotage, and information extortion.
Viruses, worms, phishing attacks, and Trojan horses are a few common examples of
software attacks.
The theft of intellectual property has also been an extensive issue for many businesses
in the IT field.
Identity theft is the attempt to act as someone else usually to obtain that person's
personal information or to take advantage of their access to vital information. Theft of
equipment or information is becoming more prevalent today due to the fact that most
devices today are mobile. Cell phones are prone to theft, and have also become far more
desirable as the amount of data capacity increases.
9
PREVENTING CYBER ATTACKS
Cyber attacks can be prevented by being aware of the various types of protocols,
exploits, tools, and resources used by malicious actors including:
Download software updates as soon as they appear - these often contain vital
security patches.
Delete suspicious emails, and never open attachments from unknown sources.
Control employee access to computers and documents. Staff can be given
individual user accounts, with access restricted as appropriate to their role.
Educate staff so that they can spot cyber security threats and know how to avoid
them. The Government offers a range of online free courses which may be
helpful in this (see below).
Restrict the use of removable media (e.g. USB sticks) as they can be easily
stolen or lost. Control access to them, ensure that only those supplied by the
business are used.
Using strong passwords. Strong passwords have eight characters or more and a
combination of upper and lower case letters, numbers, and symbols. Keep
passwords in a safe place, and don’t use the same one for every service and
account. Change passwords every 90 days, at least.
Avoiding public Wi-Fi. Never make online payments, send confidential
information, or introduce important account passwords when using public Wi-
Fi. Cyber criminals create networks that look like free internet but allow them to
access your data.
Don’t trust unsolicited emails and text messages. Never click on a link, image
or video that has been received from an unknown sender. Check that emails are
legitimate – red flags include spelling mistakes, poor grammar, odd phrasing,
and urgent requests for money or action. Verify correspondence by contacting
the sender directly. Check that websites are legitimate too (malicious websites
10
may look identical to a legitimate site, but the URL often has a variation in
spelling or a different domain).
Protecting personal information on social media. Information thieves use social
media to collect personal details that they can then use in phishing scams. Verify
before sharing personal information such as your name, home address, phone
number, and email address.
Organizations should create cyber security strategies and policies (eg ICT
policy)
Organizations should conducting security risk assessment (eg risk profile)
DEFENSE SUMMARY
11
12
WHY CYBER SECURITY IS IMPORTANTG TO TAXATION?
In an era of massive flows of taxpayer data along with increasing risks of data leaks, tax
administrations face the challenges of ensuring the protection of taxpayer data and
adhering to good governance practices to meet taxpayer expectations about the
confidentiality of the tax information that is shared. Illegitimate use of data and
hacking are major concerns of corporate taxpayers, also because of the competitive
implications. The development of a fair and sound interaction between tax
administrations and taxpayers/customers is of critical importance for the efficiency of
the tax systems.
Hackers target tax practitioners in order to obtain personal information, commit
identity fraud, or to launch ransomware and other malicious attacks.
13
ARTIFICIAL INTELLIGENCE
AI in taxation
Spendesk (2020) proposes the following important ways in which artificial intelligence
directly generates revenue today:
14
Artificial intelligence can help classify tax-sensitive transactions.
Tax classifications are key aspects of both the sales and property tax domains. Assume
you want to create a new product or service. To classify it in an appropriate tax
category you’ll need to consider three key identifiers:
Artificial intelligence tax solutions can match products and services to the most
appropriate tax category, thereby improving the accuracy of tax calculations to
continually ensure classifications are up to date, lessening the chance of over- or
undercharging.
Artificial intelligence in auditing can be used to identify potential tax fraud cases.
European countries have been using these technologies to detect fraud as well. In
Denmark, tax officials have been able to identify an estimated 60 out of 100 cases of tax
fraud using advanced technologies.
AI can elevate the method of tax forecasting from simplistic modeling techniques (such
as linear interpolations or basic regressions) to advanced predictive analytics. For
instance, algorithms could analyze corporate and seasonal data to help detect trends
15
within various tax filing cycles—an annual, quarterly, monthly, or even more frequent
basis. Those trends could then be used as the basis for predicting what’s likely to
happen next.
Locating key tax data within endless stacks of paper is a time-consuming process that is
anything but 100% accurate, even for the most detail-oriented professionals.
However, AI and machine learning technologies can be used to fast track this laborious
process with equal or better accuracy. These tools can complete the same process as a
team of tax professionals, only quicker and at scale. What may take the team days to do,
a computer can complete in mere minutes or hours. The information retrieved can then
be used to feed and hasten classification efforts.
Tax planning often gets too little attention because tax teams are focused on completing
more important tasks. AI tax software reduces—if not eliminates—much of the human
work involved with these tasks, leaving more time for tax strategy planning. But AI has
more than just time savings to offer; it also has the power to assist with strategic
endeavors, including those involving regulatory law and corporate strategy.
Enterprises that utilize AI-enhanced applications are expected to become more diverse,
as the needs for the ability to analyze data across multiple variables, fraud detection
and customer relationship management emerge as key business drivers to gain
competitive advantage.
16
Artificial Intelligence in Financial Services
Banks use artificial intelligence systems to organize operations, invest in stocks and
manage properties. Creative Virtual has deployed artificial intelligence customer
support systems to assist financial services customers with services such as checking an
account balance or retrieving a forgotten password.
These systems assist in areas such as market forecasting, automation of processes and
decision making and increase the efficiency of tasks which would usually be performed
by humans.
In the area of social networking, AI is used understand social networks on the Web.
Data mining techniques can be used to analyze different types of social networks. This
analysis helps a marketer to identify influential actors or nodes within networks,
Example: High-tech data mining can give companies a precise view of how particular
segments of the customer base react to a product or service and propose changes
consistent with those findings.
17