
COMPUTER CRIME AND LAWS (REVISION)

Computer Crime

Computer crime is an illegal act performed by a computer user using a computer. Other names
that refer to computer crime are cyber crime, hi-tech crime or electronic crime. Examples of
computer crime are hacking, computer fraud, eavesdropping and spreading of malware.

Types of computer crime

Pharming
Pharming is where malicious code installed on a user’s personal computer or web server
misdirects users to a fraudulent or fake website in the hopes of gathering personal information
without the person’s knowledge or consent.

How pharming works

• A hacker attacks a domain name system (DNS) server.
• The hacker redirects traffic from the real website to his own fraudulent site.
• The user types in the web address of the real site.
• They are instead taken to the fake site – usually a bank or other e-commerce site where they
are asked to enter their personal information such as credit card numbers, PINs, etc.

Countermeasures

• Use a trusted, legitimate internet service provider.
• Maintain an effective, up-to-date anti-malware utility to identify and remove pharming code.
• Keep simple names for domains which can be easily recalled by customers and which are less
prone to hackers.
• Use an anti-pharming tool, which is available for Windows-based servers.
• The user should always be alert and look out for ‘clues’ that they are being re-directed to
another site.
• Educate website users on pharming and its dangers.
• Don’t download software from sites you’re not sure you can trust, regardless of what
operating system you run.
• Avoid pirated software as you may get some malware thrown in.
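
The redirection described under "How pharming works" leaves clues that can be checked for. The following Python code is an added example, not part of the original notes: it flags local hosts-file entries (a common place for pharming code on a personal computer to plant a redirect) and DNS answers that send a protected site to an address outside the ranges it is known to use. The hostname, address ranges and sample hosts file are constructed placeholders.

```python
import ipaddress

# Constructed pin list: the networks the real site is known to resolve into.
# Hostname and ranges are placeholders taken from documentation address space.
PINNED = {"bank.example": ["192.0.2.0/24", "2001:db8:10::/48"]}

def in_pinned(host, ip, pinned=PINNED):
    """True if ip parses and lies inside a network pinned for host."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False                      # unparseable address: treat as suspect
    return any(addr in ipaddress.ip_network(n) for n in pinned.get(host, []))

def audit_hosts_file(text, pinned=PINNED):
    """Return (host, ip) pairs where a local hosts entry points a pinned
    site at an address outside its pinned networks."""
    findings = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()    # drop comments, tokenise
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        for name in names:
            name = name.lower().rstrip(".")
            if name in pinned and not in_pinned(name, ip, pinned):
                findings.append((name, ip))
    return findings

def audit_dns_answers(host, answers, pinned=PINNED):
    """Return the resolver answers for a pinned host that fall outside its pins."""
    host = host.lower().rstrip(".")
    return [ip for ip in answers if not in_pinned(host, ip, pinned)]

# Constructed hosts file: the second entry is a planted override of the
# protected site; the third is a harmless, correct entry.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
203.0.113.66   bank.example www.other.example   # planted redirect
192.0.2.10     bank.example
"""

if __name__ == "__main__":
    print("hosts file:", audit_hosts_file(SAMPLE_HOSTS))
    print("DNS answers:", audit_dns_answers("bank.example",
                                            ["192.0.2.10", "198.51.100.7"]))
```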

Phishing
Phishing is an act of deceiving individuals to gain private or personal information about that
person usually via e-mails that seem to come from trusted sources.

How phishing works

• An internet user receives an urgent message from a trusted source e.g. an online shop or bank.
• The email looks real as it even uses the logo and colour scheme of that company.
• The email asks the user to click on a (malicious) link that takes them to a fake log-in page,
or to a page asking them to grant permission by entering personal details ranging from ID and
password to credit, banking and other information.

Countermeasures

• Don't panic or click on anything until you know it’s legitimate.
• Check for red flags, such as strange email addresses or misspellings.
• Share news of the phishing attempt on your social media channels so that others do not
become victims.
• Consider using a strong authentication mechanism like a hardware token and PIN or
biometrics on all payment processing systems.
• Consider disabling email access on any system involved with payment processing.
• Use tools available in your email client. For instance, Outlook has the ability to help filter
potentially harmful links.
• Make regular updates on your anti-virus and anti-malware software. Frequently scan your
computer system.
• Use reputation-based website, IP address, and URL filtering to help ensure that any
systems accessed from within the company are not considered “bad” sites.
• Never open attachments or links in unsolicited emails.
• Notify the company that's being impersonated.
• Educate employees on how to identify phishing emails and avoid falling victim to them.
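
The "red flags" countermeasure above (strange email addresses, misspellings) can be checked automatically. The following Python code is an added example, not part of the original notes: it compares the sender's domain and each link's host against a list of trusted domains, and reports misspelt lookalikes and links whose visible text names a different site from the one they open. The trusted domains and the sample message are constructed.

```python
from urllib.parse import urlsplit

# Constructed allowlist of domains the organisation really uses (placeholders).
TRUSTED = ("examplebank.com", "shop.example")

def edit_distance(a, b):
    """Levenshtein distance via row-by-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(domain, trusted=TRUSTED, max_dist=2):
    """Return the trusted domain that `domain` imitates, or None."""
    domain = domain.lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return None                          # genuine domain or its subdomain
    for t in trusted:
        brand = t.split(".")[0]
        if edit_distance(domain, t) <= max_dist or brand in domain.split("."):
            return t                         # misspelling, or brand used as a label
    return None

def red_flags(sender, links, trusted=TRUSTED):
    """sender: From address; links: (visible_text, href) pairs from the body."""
    flags = []
    hit = lookalike(sender.rsplit("@", 1)[-1], trusted)
    if hit:
        flags.append(f"sender imitates {hit}")
    for text, href in links:
        host = (urlsplit(href).hostname or "").lower()
        hit = lookalike(host, trusted)
        if hit:
            flags.append(f"link host {host} imitates {hit}")
        text = text.strip()
        shown = None if " " in text else urlsplit(
            text if "//" in text else "//" + text).hostname
        if shown and "." in shown and shown.removeprefix("www.") != host.removeprefix("www."):
            flags.append(f"link text shows {shown} but goes to {host}")
    return flags

# Constructed sample: a misspelt sender, a deceptive link and a genuine link.
SAMPLE = ("security@examp1ebank.com", [
    ("www.examplebank.com/login", "http://examplebank.com.verify.example/login"),
    ("Track your order", "https://shop.example/orders")])
```

Calling `red_flags(*SAMPLE)` returns one flag for the sender and two for the first link; the genuine second link produces none.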

Identity theft

This is when someone gains access to your personal information and uses it for their own
benefit. This could be a hacker stealing your online banking account login and password to gain
access to your financial details, or a thief using stolen bank cards to access the victim’s account.

Countermeasures

• Never connect to your bank account on a public computer, or using a WiFi access point
you’re not absolutely sure you can trust.
• Never share any personal information – such as your bank account number or any
information a fraudster could use to steal your identity.
• When logging into your bank, ensure the communication is secure by verifying that the
address begins with “https” instead of “http”.
• Ignore any email from your bank or your credit card company asking you to update your
personal information.
• Make sure your business computers have anti-virus and anti-spyware protection.
• Make sure your network is protected with a firewall.
• Keep software and browsers updated with security patches.
• Freeze all financial accounts if the bank cards are stolen.

Cyber stalking

Cyber stalking involves using the internet to constantly harass, threaten or frighten another
person. The harassment could be sexual or hostile in nature, usually through e-mails and social
networks. Cyber stalking is also known as cyber bullying or trolling.

Examples of cyber stalking

• Sending threatening or abusive emails
• Repeated contact through social media
• Hacking into private accounts
• Installing malware
• Posting false or slanderous (defamatory) accusations online
• Encouraging others to harass the victim

Countermeasures

• Keep your personal information secret, don’t post your images to social networks
unnecessarily.
• Report cyber stalking cases to the police.

Hacking

Hacking is the use of software or other means to gain unauthorised access to a person’s computer
system. Hacking must not be confused with ethical hacking, which many organisations use to check
their internet security protection. Ethical hackers may be hired to help in situations where an
organisation’s employees have forgotten their login credentials, such as passwords.

Hackers break into computer systems for two main reasons:

• To cause direct harm to the data (delete, alter, corrupt and steal data) or computer system such
as identity theft or credit card fraud (Black-hat hacker).
• To test their skills and show the public their capabilities (Grey-hat hacker).
• To find security loopholes in computer systems.

Countermeasures

• Create a strong password which is difficult to guess.
• Use a very effective firewall.
• Configure your computers and mobile devices to install software updates automatically.
• Use two-factor authentication which involves using your password and a text message PIN
that is sent to your smartphone as a way of authentication.
• Do not plug in any USB device that comes from anywhere you're not sure about, as it may carry
malware that loads onto your computer without your knowledge.
• Use a virtual private network (VPN) that will ensure your traffic is encrypted and not easily
readable by potential hackers.
• Verify the authenticity of emails or websites.

Child pornography

Child pornography is the online crime of producing, possessing or distributing sexual content
involving a minor. Child pornography is one of the fastest growing businesses on the internet.

Anti-child-porn sites like http://www.asacp.org recommend a number of measures to combat
child pornography.

Countermeasures

• Install and use parental control software on all computers.
• Know what sites your children frequent and monitor their online activity.
• Educate your children so that they understand the potential dangers they may be
exposed to online.

Denial of Service (DoS) attack

A denial of service attack is an attempt to overload a network or server with requests and data such
that it cannot serve its intended users. The network speed becomes slow and some websites will
not be available to users. However, it may be difficult to separate a DoS attack from a poor
network connection.

Countermeasures

• Install an antivirus program and a firewall on your network to restrict bandwidth usage to
authenticated users only.
• Use security tools to detect and prevent ICMP flood attacks or block HTTP request attacks
on the server.
• Use enterprise products to identify and block single origin attacks as soon as they begin.

Industrial espionage
Industrial espionage is the use of the internet to spy on a person, business or government in
order to gain competitive advantage over the business or person, or for national security reasons
in the case of governments. The information could be sales reports or trade agreements for an
organisation.

Countermeasures

• Transfer of files in and out of the organisation must be carried out without exposing and
risking the internal network.
• Information waiting to be retrieved by the business or sent to the business partner must be
kept in a secure location.
• Protect data from tampering by using methods such as digital signatures to detect
unauthorised changes to the files.
• Detailed logs for auditing and tracking every activity must be available.
• End-to-end data encryption must be maintained while the data is being transported over the
network.

Intellectual property theft

Intellectual property theft is stealing of material that is copyrighted. Intellectual property
protections include copyrights, trademarks, patents and trade secrets. Forms of intellectual
property involved in cybercrime are pirated software, pirated music, pirated movies, and pirated
electronic games.

Countermeasures

• Organisations or individuals must prioritise Intellectual Property and Trade Secret Protection.
• Mark or label all sensitive data as confidential.
• Train employees, customers, contractors or partners on the organisation’s policy regarding
the use of confidential data.
