CONTEMPORARY TRENDS IN INFORMATION AND

COMMUNICATION TECHNOLOGY

INTRODUCTION TO CYBER CRIME

A major problem facing e-business today is its vulnerability to

cybercrime.

Cybercrime is defined as a crime in which a computer is used as a tool to commit an

offense.

In practice, cybercrime consists of criminal acts that are committed online by using
electronic communications networks and information systems - such as crimes specific
to the Internet, online fraud and forgery and illegal online content.

Cybercriminals may use computer technology to access personal information,

business trade secrets, or use the internet for exploitive or malicious purposes.

Criminals can also use computers for communication, documentation or data storage.
Criminals who perform these illegal activities are often referred to as hackers.

The cyber battle (battle against cyber crime) increases due to rapid adoption of
machine learning and artificial intelligence tools, as well as an increasing
dependency on software, hardware and cloud infrastructure.

Cybercrime encompasses a wide range of activities, but these can generally be

broken into two categories:

(a) Crimes that target computer networks or devices

These types of crimes include viruses and denial-of-service (DoS) attacks.

(b) Crimes that use computer networks to advance other criminal activities
These types of crimes include cyber stalking, phishing, fraud or identity theft.

1
Causes of Cyber Crime:

Cyber Attacks: How does this happen?

 Vulnerabilities in your hardware or software (eg a code may be introduced into

the computer or software)
 Employees and mistakes they might make (eg downloading a free software)
 Clients, if, and to the extent they have access to your network.
 Vendors and contractors, if and to the extent they have access to your network
 Third-Party Exposure (lack of Policies and guidelines)
 Configuration Mistakes
 Poor Cyber Hygiene(unprotected WiFi)
 Poor Data Management (Automation and AI)

Main sources of cyber crime for organizations

Data Exfiltration

Organizations have lost control over sensitive and protected data. Cyber Criminals and
trusted employees are exfiltrating hundreds of gigabytes of sensitive data from
organizations daily. The increased use of unauthorized cloud applications and the
uncontrolled adoption of BYOD has weakened access controls, giving users a complete
access to large volumes of sensitive or classified data.

Social Engineering

Organizations are defenseless against social engineering. Organizations across all

industries are continuously reporting an increase in a variety of technologically
sophisticated social engineering attacks. This is a clear indication of the popularity of
these attacks and the inability of organizations stops them.

2
Database Breaches

Organizations are carelessly exposing their crown jewels. As many organizations

implement enterprise applications, the need for databases has grown. Databases play an
extremely important role in many organizations’ environment. Despite this importance,
organizations are not adequately addressing database related risks.

Poor Identity and Access Management

Uncontrolled identities and access control are exposing organizations. Identity and
access management processes and technologies are not well adopted in most local
organizations. Leading to unauthorized and inappropriate access to highly sensitive
information.

Insider Threats

Research indicates that over 80% of system related fraud and theft in 2015 are
perpetrated by employees and other insiders. It is shown that numerous cases of
privileged users probing systems for unauthorized access and attacking systems for a
variety of reasons include disgruntlement, revenge, and financial gain.

Categories of Cyber Crime

Cyber crimes are broadly categorized into three categories, namely crime against

Individual

This type of cybercrime can be in the form of cyber stalking, distributing illegal images
or photos, and trafficking.

Property

Just like in the real world where a criminal can steal and rob, even in the cyber world
criminals resort to stealing and robbing. In this case, they can steal a person’s bank
details and siphon off money; misuse the credit card to make numerous purchases
online; run a scam to get naïve people to part with their hard earned money; use

3
malicious software to gain access to an organization’s website or disrupt the systems of
the organization. The malicious software can also damage software and hardware, just
like vandals damage property in the offline world.

Government

Although not as common as the other two categories, crimes against a government are
referred to as cyber terrorism. If successful, this category can wreak havoc and cause
panic amongst the civilian population. In this category, criminals hack government
websites, military websites or circulate propaganda (eg Chemical Ali).

CLASSIFICATION OF CYBER CRIMINALS:

When any crime is committed over the Internet it is referred to as a cyber crime. We
classify cyber crime according to the following groups:

Hacking: This is a type of crime wherein a person’s computer is broken into so that his
personal or sensitive information can be accessed. This is different from ethical hacking,
which many organizations use to check their Internet security protection.

In hacking, the criminal uses a variety of software to enter a person’s computer and the
person may not be aware that his computer is being accessed from a remote location.

Theft: This crime occurs when a person violates copyrights and downloads music,
movies, games and software.

Cyber Stalking: This is a kind of online harassment wherein the victim is subjected to a
series of online messages and emails.

Identity Theft: In this cyber crime, a criminal accesses data about a person’s bank
account and other sensitive information to siphon money or to buy things online in the
victim’s name. It can result in major financial losses for the victim and even spoil the
victim’s credit history.

4
Malicious Software: These are Internet-based software or programs that are used to
disrupt a network. The software is used to gain access to a system to steal sensitive
information or data or causing damage to software present in the system

Types of cyber-crimes:

Computer Virus
The computer virus is the most well known type of cyber crime. A computer virus is a
computer program that piggybacks or attaches itself to application programs or other
executable system software; the virus subsequently activates, sometimes causing severe
damage to computer systems or files. The perpetrator may not steal assets but instead
creates havoc within the victim’s computer system. For this reason, a computer virus is
comparable to the manual crime of vandalism, in which the perpetrator does not steal
assets, but instead damages the victim’s
property.

Phishing
Phishing is occurs when the perpetrator sends fictitious emails to individuals with links
to fraudulent websites that appear official and cause the victim to release personal
information to the perpetrator. This information is then used for unauthorized purposes
such as fraudulent purchases, obtaining fraudulent loans, or identity theft.

Ransomware

A type of malicious software designed to block access to a computer system until a sum
of money is paid.

Malware

Software that is intended to damage or disable computers and computer systems

5
Botnet

A Botnet infection occurs when a hacker transmits instructions to other computers for
the purpose of controlling them. The hacker who disseminates the “bot” program is
referred to as a “herder.” Thousands of computers can be potentially infected. The
infected computers can then be used for various purposes such as spam distribution or
phishing. The legitimate owner of the computer usually does not know that it is
infected.

Spoofing

Spoofing occurs when the perpetrator uses email to gain the confidence of an individual
so that he or she provides personal information that is later used for unauthorized
purposes such as fraudulent purchases, obtaining fraudulent loans, or identity theft.
Spam is a key method used by email spoofers to trick individuals into providing their
personal information.

E-mail spoofing is a term used to describe fraudulent e-mail activity in which the
sender address and other parts of the e-mail header are altered to appear as though the
e-mail originated from a different source.

Email spoofing is used for spam e-mail and phishing to hide the origin of an e-mail
message. By changing certain properties of the e-mail, such as the From, Return-Path
and Reply-To fields (which can be found in the message header), ill-intentioned users
can make the e-mail appear to be from
someone other than the actual sender.

E-Bank Theft
E-bank theft occurs when a perpetrator hacks into a banking system and diverts funds
to accounts accessible to the perpetrator. To prevent e-bank theft, most major banks
severely limit what clients can do online. Fraudulent Internet banking sites are often
used to commit e-bank theft. The Internet can be used by criminals to establish fictitious

6
online banks that attract customer deposits with promises of extremely high interest
rates, after which the bank disappears with the money.

Netspionage
Netspionage occurs when perpetrators hack into online systems or individual PCs to
obtain confidential information for the purpose of selling it to other parties (criminals).

Online Denial of Service (DoS)

This is an act by the criminal, who floods the victim’s

network or fills his e-mail box with spam mail depriving him of the services he is
entitled to access or provide short for denial-of-service attack, a type of attack on a
network that is designed to bring the network to its knees by flooding it with useless
traffic.

It is the use of email barrages, computer viruses, or other techniques to damage or shut
down online computer systems, resulting in loss of business.

Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations
in the TCP/IP protocol.

In some cases, online denial of service results in permanent damage to computer

systems or files, requiring major expenditures to rebuild systems or recreate files.

Software Piracy
Software piracy is the theft of intellectual assets associated with computer programs.
Software piracy results in loss of profits to companies and individuals who own the
software, while rewarding criminals who did not do the work or risk the resources
necessary to develop the software.

7
E-mail bombing

E-mail bombing refers to sending a large number of e-mails to the victim resulting in
the victim’s e-mail account (In case of Individual ) or mail servers (in case of a company
or an e-mail service provider) crashing.

Logic Bombs
In a computer program, a logic bomb is a programming code, inserted surreptitiously
or intentionally, that is designed to execute (or “explode”) under circumstances such as
the lapse of a certain amount of time or the failure of a program user to respond to a
program command.161 Software that is inherently malicious, such as viruses and
worms, often contain logic bombs that execute a certain payload at a pre-defined time
or when some other condition is met. This technique can be used by a virus or worm to
gain momentum and spread before being noticed. Many viruses attack their host
systems on specific dates, such as Friday the 13th or April fool’s Day. Trojans that
activate on certain dates are often called “time bombs”.

Cyber Terrorism:
Cyber terrorism is a deliberate usage of computer networks and public internet in order
to affect the personal objectives by using tools such as computer virus.

Cybercrime and Information Security

Information security is the practice of preventing unauthorized access, use, disclosure,

disruption, modification, inspection, recording or destruction of information.

IT security

Sometimes referred to as computer security, information technology security is

information security applied to technology (most often some form of computer system).
IT security specialists are therefore responsible for keeping all of the technology within
the company secure from malicious cyber-attacks that often attempt to breach into
critical private information or gain control of the internal systems.

8
Information assurance

The act of providing trust of the information, that the Confidentiality, Integrity and
Availability (CIA) of the information are not violated, e.g. ensuring that data is not lost
when critical issues arise. These issues include, but are not limited to: natural disasters,
computer/server malfunction or physical theft. Since most information is stored on
computers in our modern era, information assurance is typically dealt with by IT
security specialists. A common method of providing information assurance is to have
an off-site backup of the data in case one of the mentioned issues arise.

Threats

Information security threats come in many different forms. Some of the most common
threats today are software attacks, theft of intellectual property, identity theft, theft of
equipment or information, sabotage, and information extortion.

Viruses, worms, phishing attacks, and Trojan horses are a few common examples of
software attacks.

The theft of intellectual property has also been an extensive issue for many businesses
in the IT field.

Identity theft is the attempt to act as someone else usually to obtain that person's
personal information or to take advantage of their access to vital information. Theft of
equipment or information is becoming more prevalent today due to the fact that most
devices today are mobile. Cell phones are prone to theft, and have also become far more
desirable as the amount of data capacity increases.

Sabotage usually consists of the destruction of an organization′s website in an attempt

to cause loss of confidence on the part of its customers.

Information extortion consists of theft of a company′s property or information as an

attempt to receive a payment in exchange for returning the information or property
back to its owner, as with ransomware.

9
PREVENTING CYBER ATTACKS

Cyber attacks can be prevented by being aware of the various types of protocols,
exploits, tools, and resources used by malicious actors including:

 Download software updates as soon as they appear - these often contain vital
security patches.
 Delete suspicious emails, and never open attachments from unknown sources.
 Control employee access to computers and documents. Staff can be given
individual user accounts, with access restricted as appropriate to their role.
 Educate staff so that they can spot cyber security threats and know how to avoid
them. The Government offers a range of online free courses which may be
helpful in this (see below).

 Restrict the use of removable media (e.g. USB sticks) as they can be easily
stolen or lost. Control access to them, ensure that only those supplied by the
business are used.
 Using strong passwords. Strong passwords have eight characters or more and a
combination of upper and lower case letters, numbers, and symbols. Keep
passwords in a safe place, and don’t use the same one for every service and
account. Change passwords every 90 days, at least.
 Avoiding public Wi-Fi. Never make online payments, send confidential
information, or introduce important account passwords when using public Wi-
Fi. Cyber criminals create networks that look like free internet but allow them to
access your data.
 Don’t trust unsolicited emails and text messages. Never click on a link, image
or video that has been received from an unknown sender. Check that emails are
legitimate – red flags include spelling mistakes, poor grammar, odd phrasing,
and urgent requests for money or action. Verify correspondence by contacting
the sender directly. Check that websites are legitimate too (malicious websites

10
 may look identical to a legitimate site, but the URL often has a variation in
spelling or a different domain).
 Protecting personal information on social media. Information thieves use social
media to collect personal details that they can then use in phishing scams. Verify
before sharing personal information such as your name, home address, phone
number, and email address.
 Organizations should create cyber security strategies and policies (eg ICT
policy)
 Organizations should conducting security risk assessment (eg risk profile)

DEFENSE SUMMARY

11
12
WHY CYBER SECURITY IS IMPORTANTG TO TAXATION?

In an era of massive flows of taxpayer data along with increasing risks of data leaks, tax
administrations face the challenges of ensuring the protection of taxpayer data and
adhering to good governance practices to meet taxpayer expectations about the
confidentiality of the tax information that is shared. Illegitimate use of data and
hacking are major concerns of corporate taxpayers, also because of the competitive
implications. The development of a fair and sound interaction between tax
administrations and taxpayers/customers is of critical importance for the efficiency of
the tax systems.
Hackers target tax practitioners in order to obtain personal information, commit
identity fraud, or to launch ransomware and other malicious attacks.

13
 ARTIFICIAL INTELLIGENCE

Artificial intelligence (AI) is the science of programming computers to perform complex

tasks that normally require human intelligence.
Examples of artificial intelligence include ATM, Drones, self driving cars, and Robots.
AI is viewed as a source of increased productivity, revenue, and economic progress.
Analyzing enormous amounts of data can improve the efficiency with which things are
done and dramatically improve the decision-making process.

AI in taxation
Spendesk (2020) proposes the following important ways in which artificial intelligence
directly generates revenue today:

14
Artificial intelligence can help classify tax-sensitive transactions.

Tax classifications are key aspects of both the sales and property tax domains. Assume
you want to create a new product or service. To classify it in an appropriate tax
category you’ll need to consider three key identifiers:

 How it’s produced or performed

 Where it’s sold
 How it’s delivered

Artificial intelligence tax solutions can match products and services to the most
appropriate tax category, thereby improving the accuracy of tax calculations to
continually ensure classifications are up to date, lessening the chance of over- or
undercharging.

Artificial intelligence in auditing can be used to identify potential tax fraud cases.

Referred to as “predictive modeling,” machine learning applications are now being

used by tax agencies to identify cases having characteristics that could indicate potential
fraud. It often helps find subtle clues hidden in mounds of data that are sometimes
missed or overlooked by auditors.

European countries have been using these technologies to detect fraud as well. In
Denmark, tax officials have been able to identify an estimated 60 out of 100 cases of tax
fraud using advanced technologies.

Artificial intelligence can make tax forecasting more accurate.

AI can elevate the method of tax forecasting from simplistic modeling techniques (such
as linear interpolations or basic regressions) to advanced predictive analytics. For
instance, algorithms could analyze corporate and seasonal data to help detect trends

15
within various tax filing cycles—an annual, quarterly, monthly, or even more frequent
basis. Those trends could then be used as the basis for predicting what’s likely to
happen next.

Artificial intelligence can aid in locating key information within documents.

Locating key tax data within endless stacks of paper is a time-consuming process that is
anything but 100% accurate, even for the most detail-oriented professionals.

However, AI and machine learning technologies can be used to fast track this laborious
process with equal or better accuracy. These tools can complete the same process as a
team of tax professionals, only quicker and at scale. What may take the team days to do,
a computer can complete in mere minutes or hours. The information retrieved can then
be used to feed and hasten classification efforts.

Artificial intelligence can help inform your strategic decision-making.

Tax planning often gets too little attention because tax teams are focused on completing
more important tasks. AI tax software reduces—if not eliminates—much of the human
work involved with these tasks, leaving more time for tax strategy planning. But AI has
more than just time savings to offer; it also has the power to assist with strategic
endeavors, including those involving regulatory law and corporate strategy.

Use of Artificial Intelligence in other areas

Artificial Intelligence in Manufacturing

Enterprises that utilize AI-enhanced applications are expected to become more diverse,
as the needs for the ability to analyze data across multiple variables, fraud detection
and customer relationship management emerge as key business drivers to gain
competitive advantage.

16
Artificial Intelligence in Financial Services

Banks use artificial intelligence systems to organize operations, invest in stocks and
manage properties. Creative Virtual has deployed artificial intelligence customer
support systems to assist financial services customers with services such as checking an
account balance or retrieving a forgotten password.

Artificial Intelligence in Marketing

Advancements in Artificial intelligence’s application to a range of disciplines have led

to the development of Artificial intelligence systems which have proved useful to
marketers.

These systems assist in areas such as market forecasting, automation of processes and
decision making and increase the efficiency of tasks which would usually be performed
by humans.

In the area of social networking, AI is used understand social networks on the Web.
Data mining techniques can be used to analyze different types of social networks. This
analysis helps a marketer to identify influential actors or nodes within networks,

AI enhanced analytics programs also provide survival modeling capabilities suggesting

changes to products based on use.

Example: High-tech data mining can give companies a precise view of how particular
segments of the customer base react to a product or service and propose changes
consistent with those findings.

17