The History Of The Cybercrime

Published Date: 02 Nov 2017

As technology advances at a great speed with new network designs and devices. It’s becoming more common that companies and people are depended on the web for everyday activities. These company’s and people have become easy targets for cybercrime and it’s now set to become real problem for future generations.

This report investigates the various acts of cybercrime that happens on a daily basis. It will also investigate and research past, present and future methods in which hackers use to gain information or succeed in their own personal agenda. This investigation will also show how accessible these tools are for public use and common practises in preventing these attacks.

This report will also investigate into the laws surrounding cybercrime and the punishment received for committing such an act within the United Kingdom and United States. It will also investigate into the strike actions on the latest cybercrime law within the Philippines and discuss whether it’s fair or not to allow such acts.

This report will also touch on the victim’s side of cybercrime and research the most common reactions to being a victim and how safe people feel using the web knowing of the threats that exists.

A case study of the mafia boy attack will also be included in this report. Demonstrating how easy it was for a teenager to become a hacker and bring down a series of high end businesses with a dos attack. Also a look into how this could have been prevented and how this changed security of the web.

acknowledgements

I am grateful to ... etc.

table of contents

list of figures

List all the figures in your document and use the captions as they appear below the figures.

Figures should be numbered per chapter; e.g. Figure 1.2 in Chapter 1, Figure 2.3 in Chapter 2 etc.

list of tables

List all the tables in your document and use the captions as they appear below the tables.

Tables should be numbered per chapter; e.g. Table 1.2 in Chapter 1, Table 2.3 in Chapter 2 etc.

list of symbols and/or abbreviations

Put a list of symbols and/or abbreviations you use in this page.

TCP/IP

DEC

DOS

DDOS

APARANET

MS-DOS

WEEE

AusCERT

MD5

SHA-3

USB

introduction

Within the last hundreds of years technology has been advancing and becoming more intelligent and more powerful. Only within the last couple of decades have we seen some truly inspirational inventions showing how great the human mind can design and engineer astonishing computer devices.

The latest offerings allow us to connect to other people across the world over the internet. Using many applications such as email and real live chat such as Skype, social sites such as Facebook or twitter. This would only be available using devices such as laptops, tablets and hand held phones. Through this large companies and home users have created a large demand for the new technology and have adopted it as a part of life. Believing it will make life easier to manage on a daily basis with a click of a button.

However adopting this new technological lifestyle can come with problems known as cybercrime. In recent years cybercrime has been on the increase with the gain in popularity of technology rising and is becoming more power and harder to get rid of as time goes on. According to Norton cybercrime reports 18 members of the public fall victim to Cybercrime every second. This can comes in many forms from trying to gain unauthorised access into your own profiles to steal Identity’s. To obtaining private information to bring down large businesses or government networks with malicious software.

CYBER CRIME

Cybercrime is known as a criminal act that has been committed using a computer with intention to use against other computers or network. These acts tend to be illegal acts that are committed over the internet using available software. The illegal cyber acts that tend to be committed by hackers also known as black hats. Common forms of cybercrime are identity theft the gaining of your identity for their use. Fraud which is an act of deceiving others for own personal gain and the sending and receiving of malware that can either spread computer viruses across networks or can be used to specifically attack a single computer. Each piece of malware has its own properties and uses but with the right scripting can be a deadly tool that has been known to kill networks and computers.

However there are other forms of cyber crime outside the generic main views of money making or malware attacks. As time has gone by the term cyber crime has broadened to the popularity of the internet for resources and social sites and more acts that are usually deemed illegal in the real world have be introduced to the cyber world. These acts tend to be anything of an offensive nature such as acts of paedophilia with unsuitable images and videos. Another example is poor behaviour such harassment online this has grown in popularity due to social sites such as Facebook and twitter. Harassment online has caused many problems such as cyber bullying, online hated such as racism and has also caused stalking. The problems on harassment has been linked to many disturbing events in the news such as suicides and mass shootings of within schools. Both of these examples are very common acts that is committed on and off line and shows a darker side to using the internet.

One of the latest acts of cyber crime that has destroyed many companies and franchise is the act of piracy. This is illegal downloading of the latest cinema releases, DVD’s, music or even software packages. Piracy is classed as stealing and breach of copy rights laws. It’s almost wiped out the use of cd’s helping bring down many music industry’s and forced companies to think of digitally releasing products at a cut price and try and remove the middle man of retail shops hoping to gain a profit.

Cyber crime can also be stretched out as far as being used as one of the ultimate weapons in the modern world. Simply With the aid of suitable tools or having great script knowledge. Many hackers or organised crime groups can create major damage crippling the online world and the economy. Committing such acts is known as cyber warfare and cyber terrorism. Cyber warfare is an act in which one country will deliberately hack into another country to close them down or spy and obtain the other country’s information on any particular topic. Whereas cyber terrorism is usually when organised groups commit terrorist attacks on large scale business or governments networks usually with computer viruses but on a larger scale than normal cyber attacks. Both of these types of cyber crime are in rapid growth looking as it may become one of the biggest threats that we’ve seen.

With all these different forms of cyber crime it goes to show how much times have changed and how popular computers and the internet are currently in. This also shows how much damage can be created over the network and the different ways it can affect the population.

Brief History of cyber crime acts

The history of cyber crime can be dated back at least a couple hundreds of years as far back as 1800 hundreds. However the cyber crime committed on modern computers is generally quite short it’s only really been around for the last three decades. The first modern computers as we know now and the internet (created by ARPANET) weren’t built until the late 1960’s to early 1970’s. After this it still took time to perfect communications between one another with the creation of protocols such as TCP/IP. This is an internet protocol that allow connection to the internet and fundamentally communicate over the internet too.

The first act of cyber crime was committed on a modern computer was a spam email. Which was sent to over 320 people on the 3rd of May 1978 this act was identified to be created by Gary Thuerk. Who was described as "an aggressive DEC marketer"1 and his reasoning for creating this was to advertise DEC new computer systems. Another reasoning is because he believed "Arpanet users would find it cool that DEC had integrated Arpanet protocol support directly into the new DEC-20 and TOPS-20 OS"1. The Reaction to the spam email was unfavourable and high level of complaints were received to boss of DEC.

It wasn’t until January 1982 the first virus was created as practical joke by a 15 year old student called Rich Skrenta. He created the elk cloner this was the first form of malware virus to be released to the public and was specifically aimed on Apple II computers via infected floppy disks. The way this infection worked was an infected floppy disk game would be booted and the virus would replicate its self onto the computer’s memory then it would replicate its self on to an unaffected floppy disk and spread if placed into a new apple II floppy drive. The outcome of the actual result of virus is that on every 15th boot a short poem would appear on the screen quoting:

"Elk Cloner: The program with a personality 

It will get on all your disks It will infiltrate your chips Yes it's Cloner! 

It will stick to you like glue It will modify ram too Send in the Cloner!"2.

The reception to Elk Cloner was mixed apparently teenagers saw virus as quite a funny practical joke. Were as the older generation such as rich Skrenta teachers saw this as quite a frustrating joke. Later on Rich Skrenta did create a utility disk to resolve the issue.

Later in the decade in 1986 the brain virus created by Basit Farooq Alvi and Amjad Farooq Alvi attacks IBM’s computers working in a very similar fashion as Rich Skerenta’s elk cloner but was created for MS-DOS. In the same cyber crime becomes a committed felony in the U.S.

After this the late 80’s on going through to the 90’s cyber crime became popular because of 80’s films such as war games and the way in which the technology was advancing grabbed peoples imaginations. This caused the rise in cyber gangs such legion of doom, German’s chaos computer club, the cult of dead cow. Once they came into the picture they started being a big threat hacking into Microsoft and government systems and creating Trojan viruses that granted anyone remote access to the victims machine. For the public series of scamming programs starting circling online such as the aids virus. Which was a scamming virus threating users to place $ 500 dollars into another account. Also tools such as aohell started cropping up introducing hacking to amateur hackers also referred kiddie scripters.

Within the late nineties 1999 to be more accurate a DOS attack known as the Melissa virus was released this caused a lot of hype in the media causing a lot of panic in the cyber world. The Melissa virus was created by David L Smith who claims that the effect of the Melissa virus was an accident and not intended. The virus it’s self was a DOS that infected windows mail users offering pornographic websites and images causing email servers to shut down and many companies to cut off outside access in case of a risk of infection. The Melissa virus at the time was a big event although it doesn’t harm your pc it did cause a lot of disturbance costing worldwide 1.1. Billion pounds. David L Smith was sentenced to 5 months and had to pay back a fine of 15, 000 dollars.

Entering the 2000’s this decade saw cyber attacks became very common The Worm virus became very popular such as the I love you worm, and the conflicker worm costing billions in damage. This happened as in earlier half of the decade and thousands of accounts became victims of spam mail.

Also with the popularity of technology rapidly growing with the introduction the iPod digital music became popular causing the creation of Napster and LimeWire to allow file sharing of media online and making the spreading of viruses much easier. Also with the demand of technology becoming competitive and the pricing to gain broadband over dial-up or the use of hot spots was slowly going down so it became more accessible to the public for a reliable source of internet which had lots of wireless security flaws.

In the mid-2000s cyber gangs turned into real organised crime seeing the massive holes in the system with aid adware and spyware and the assistants of rootkits to hide malware this gave them everything to gain information and committed act such as identity theft.

In the latter half of 2000’s social sites were the big deal with Myspace, Facebook and now redundant sites like bebo. This became a popular way to attack people and gain access to personal information and easily share virus

Acts of cyber crime

The ways in which cybercrime is committed has over the years dramatically changed along the way to fit in with new technology and there improved security measures. The level of damage in which these attacks depend on the hacker and their tools what they are hoping to gain. ( INSERT A TABLE SHOWIN COMMON ATTACKS not finished)

Types of Hackers

There are different types of hacker in the cyber world however not all hackers are bad the main form of hacker is known as a black hat.

Black Hats

The definition of a black hat is a hacker that wants to illegally obtain vulnerable data or deliberately exploit personal information for own personal gain. Black hats or hackers are can technically be anyone interested in committing in form of cybercrime in the cyber world. This includes big fraud scams by professionals to minor virus attacks by amateur hackers. The term bat hat apparently comes from the western movies created in the 60’s onward with a bad guy stereotypically wearing a black hat.

Black Hat hackers often use a technique/two pronged process known as pre-hacking stage this the planning and reach before attacking. The stages are as follows as:

Targeting: This is the first stage which mainly consists of the planning and choosing of who and where to attack this could be chosen at random. Once this has been done they do a port scan to find the weakest point in the victim’s network. According to NRI cybercrime report 2012 the three most common ports that are attacked in that year are the following ports: TCP/25 SMTP, ICMP ping and TCP/80 web.

Researching: In this stage black hats commonly research the indented victim system details by gaining information by means of social engineering. Example of this is research the indented victims Facebook together information that could be used to gain passwords as security questions etc or more extreme way get a job with company and secretly research equipment’s and software’s that are used. There is one more method in which they can gain information and it’s known as dumpster diving. Which is a legal act to commit and the perfect way to gain information on the company or victim for the intended attack. The things black hats will look for include old hard drive that can be recovered, cd’s as with cd-r you cannot erase the data on them, out print outs giving source codes and email addresses.

The Attack: This is the last stage once the black hat has gained enough information they will a use a tool or program to attack what they think is the best way.

Grey, White and Blue Hats

However black hats are not the only type of hacker out there in the cyber world. There is also grey hats, white hats and blue hats. Grey hats are known to be both good and bad hackers. They commit both illegal cyber crime and also fight against it hence why there given the name grey hats. Common grey hats may just hack into a system and warn the company that there is a flaw within their network and offer to fix it for a price.

Whereas white hats are deemed as the good hackers also known as ethical hackers. These guys are usually as a full time job get hired by companies to crack a networks or hack software coding and asked to fix it make sure they have a tight security. The majority of the time white hats use to be black hats turned good or students with a keen interest in security that have studied ethical hacking at a university that has been given permission to allow hacking for educational purposes such as the University of Abertay in Dundee.

Another form of hacker that’s similar to a white hat is a blue hat these are ethical hackers that work on exploiting flaws in windows software before it gets released and maintain that the Microsoft corporation network is as secure as possible. As they are a very popular target among hackers to try and gain information from and have been successfully hacked before in the 90’s.

4.1.3 Hacktivists

Hacktivists are group of online activists that been reportedly around since 1989. There are a different type of hacker compared to the regular black hats seen to some as cyber terrorists and to others seen as a voice or vigilantes fighting against political, social events and censorship of freedom speech for the online generation. People’s view on hacktivists tend to differ and cause a debate. The word hacktivist was originally created back in 1996 by a member of the hacker group the cult of the dead cow. Hacktivists tend to break into large corporate businesses and government networks to steal and share their personal information to publically share to highlight issues. A staggering 59% of all stolen data last year was reportedly stolen by hacktivists. Their intent is to publically intimidate and shame governments and corporate businesses for what they believe is politically or ethically wrong. Alongside stealing data they do use other methods such as DOS attacks which is flooding their networks with spam. Website defacement which is the changing of the websites look by adding pictures or text over it.

In recent years one cyber group have risen to claim the title of hacktivists causing much panic to government and big franchise corporations. Using the internet as the ultimate tool to preach their own form of politics and views known as techopolitics. This is of cause anonymous they are a group of unknown hacktivists that were formed in 2005 who have been repeatedly reported online and in the media for their attacks and threats.

They famously in public protests in the streets adopted the Guy Fawkes mask of the character V from the frank miller’s graphic novel V is for Vendetta. Who was the main character in the novel was a figure that fought for justice and rights for the people against the government’s control on them. Famous attacks that anonymous have performed include. The famous declaring of war on the Church of scientology after the church were actively threating law suits to anyone that that wouldn’t comply with the taking down of an embarrassing promotional video of the church. Anonymous felt that this was against what they believed in the freedom of speech and the non-acceptance of censorship. Anonymous cult famously stated online they believed the attacks were "for the good of your followers, for the good of mankind"3. Anonymous also performed a series of DDOS attack (flooding of messages to a root server causing it to crash) against series of large organisation such as MasterCard, Amazon and PayPal for blocking financial donations to international website called WikiLeaks. Which is a site that leaks news, and classified information that not meant to seen to the public.

Prevention against black hats

A couple of basic techniques that can used against black hat hackers.

Install a trust worthy Anti-virus and regularly update it and perform full systems scans on a daily basis.

When creating password for accounts try not to use the same password or numbers of importance (birth dates)

Regularly up patch’s for your pc or laptop

Make sure a good firewall is installed. As this one of the best preventions for blocking Hackers.

To avoid Dumpster diving shred all documentation that’s not need. Format all unused hard drives and recycle along with any used cd’s or usbs do this under WEEE regulations.

Do not put too much personal information social sites that can help hackers i.e. your phone number, first pets etc

Password Cracking

A popular method of cybercrime that can be carried out by black hats is password cracking this is the breaking into a password-protect account. This a popular and easy act to commit as most people and organisations tend to create passwords using simple wording or with personal information. It’s also been shown that people tend to use the same password more than once purely for convenience. Also with the adding of social sites the users are actively giving away email addresses and personal information that could potentially be in their password or security questions. This only adds to the hacker’s advantage to gain access into peoples accounts. Adding these factors along with the strength at which the black hats cracking software such as john the ripper. Which can be seen in Figure 4.1. This piece of free software has reportedly been able to crack hundreds upon thousands of passwords per second. Figure 4.1: John the ripper testing in set-up

Brute Force Attacking

Brute force attack is one of many techniques that can be used for password cracking it individually go’s through every alpha-numeric combinations available until it’s successfully found all the correct characters within the given allowed attempts. This however can very time consuming and can take anything from an hour to a week. Depending on the encryption type this can range from 64-bit to 256-bit the higher the encryption the better.

Dictionary Attacking

Dictionary Attacking is a similar attack to brute force attacking in the way that it’s forcefully guessing the password but it’s different because it uses a different method. The way the dictionary attack method cracks passwords is that it constantly enters words from the dictionary. This can either be a set number of words that the user has put in to program or it can look for an online dictionary for a more successful attack. It will keep putting in words until the correct password is found. The Dictionary attack also be used the find key for encrypted files to decrypt and gain access. This is also known as a decryption-key assault.

Rainbow Table Attacking

Rainbow table attacking is another password cracking method. The aim in this is to steal an enough lists of password hashes from the victim. Hashes are passwords that have been encrypted from a plain text to a unique string of code. This makes it easy for the owner of the file to retrieve the data in a search and it allows the owner to know if it’s been altered in any form. Once the black hat has gained a list of hashes they can then can then compare them in a rainbow table. Which is like large dictionary of combinations of letter, symbols and special characters hashes an example of a string of hash coding looks is below in figure 4.2. They can then compare the string hashes with the rainbow table. If the attacker can make a match between the tables with the hashes they can then figure out the plaintext password of the victim or victims. This attack is more aimed of large databases and as attacking a single machine is useless and would probably use too much resources and requires high performance workstation.

Prevention of password cracking

These forms of hacking can have a good success rate however there is methods of prevention to make these cracking methods useless or just make it harder for the hacker to obtain your information.

Rainbow table attacking as one flaw in it making your data protected and unreadable in rainbow table attacking it’s called salting. This is when hashing a password with an encryption such MD5 or SHA-3 you deliberately put random characters in front of your password making it harder for the hacker to find the true password. Unless the hacker knows what the salting characters to remove. When choosing the encryption type try make sure it’s a strong encryption type and allow room for a high bit key as this will take the hacker longer to gain access.

Another common techniques that can be used for password protection online include the following:

Never use common passwords such as password or qwerty

Update your password as a much as you can within reason i.e. Don’t change it everyday

Never use the same password for all more than one account

Try to use a mixture of character and numbers for example: P@ssw0rd

Never put a password into a site you don’t know or looks untrust worthy. Look for a picture of a pad lock in the browser. When buying items online that requires a password as this is the symbol for encryption. This turns http secure and will provide information and certificate that it’s genuine. The symbol can be seen in figure 4.4

Figure 4.4 Secure Encryption logo

Malware

Malware is a short abbreviation that stands for Malicious Software and is commonly mistaken as a virus itself. However this is untrue and it’s really a program or application that contains varies forms of virus, worms, Trojans and other forms of attack that in fact cause infection to user’s computers. Malware is commonly found online as it be purposely embedded or injected within web pages vulnerabilities such as images or obfuscated JavaScript. Hackers tend to use smaller websites to spread malware as the owners of the site tend not to have enough resource’s and experience to detect and remove malware and act on an attack quickly. Also using smaller sites with lower traffic means the hacker will be able to avoid being caught giving them longer to spread malware causing more havoc to users.

However for the attack to be successful the malware must be on the victim’s computer. This can be done in varies ways without the victim or victims knowing. Some of the popular ways include:

Banner/Pop Adverts: bogus pop up/banner ad saying to click on the link to gain some sort of attractive deal this can be known as malvertising. Once the victim has fell it can send or link the victim to some malicious code that ill infect the pc or you could be prompt to download a picture or pdf that will contain the infection.

Bogus Software updates: malware can gain access is through websites mainly on social and blogging sites is clicking video’s that require you upgrade a piece of software such as java or shockwave to view the video. However by agreeing to upgrade the victim will actually be downloading and installing some form of malware.

Downloadable content: Probably one of the most common ways for malware to get into a computer is through illegal downloading of cracked software or music and films. Hackers tend to hide some sort of malware within the files as this is a popular way of infection as it’s an easy and vast way to spread infections because illegal downloading from torrent sites is incredibly popular way.

Malware being one of the most common attacks online since the early 90’s theirs been millions variations of it worldwide and as time grows on malware is getting stronger and harder to detect and get rid of and is generally a major threat in cybercrime. According to findings by AusCERT "The most popular antivirus applications on the market are rendered useless by around 80 percent of new malware" 5 said by Graham Ingram the general manager at AusCERT. Figure 4.5 shows the total amount malware found by mcaffe in their database.

Figure 4.5 Total sample of malware in the database

Viruses

Worms

Trojans

Rootkits

Botnets

Spam/phishing

Sql injection attacks

Future Cyber Crime acts

ACCESSABILITY of tools

Start here.

psychological effects of cyber crime

Start here.

Sub Heading

Start here.

Sub-sub Heading

Start here.

laws of cyber crime

Write your discussion here ...

case study

Write your conclusion here ...

9 DISCUSSION

The aim of this project was to investigate and highlight the risks of cybercrime attacks online showing and discussing different types of crimes that can be committed and how often they are committed. Also to highlight the different levels of harm at which cyber-attacks can be committed and to show how easy and accessible cybercrime programs and tools are to get a hold of with and little knowledge of what to look for online.

The act of cybercrime hasn’t been around for that long which is unknown to some. It’s only really been around for the last three or four decades however due to the popularity of iPads, tablets and online streaming of films and online shopping. It’s made life a lot easier for people to do daily things and not stress around town searching for items. However some of these people of all ages are unaware of the dangers thanks to the rapid interest in technology hackers and organised crime groups have seen this as the perfect way to cause havoc and earn a living from stealing online. This has only really be a problem in recent times roughly within the last ten to fifteen years and within this time the cyber world has dramatically changed for the better and the worse. As some of the acts that can be classed as cybercrime have caused many deaths and conflicts and has created a phobia of the internet known as interphobia. It’s staggering to think of the possibilities of what can truly be committed online and the damage it can be committed.

Another aim of this project was also to help provide some information on basic prevention techniques of cybercrime to help resolve common problems such as malware. As it one of the most common and preventable acts of cybercrime that exists online.

CONCLUSION

Bibliography

A list of sources you have used, e.g.

1 http://www.templetons.com/brad/spamreact.html 02/3/2013

2. www.theregister.co.uk/2012/12/14/first_virus_elk_cloner_creator_interviewed/

3. http://www.pcadvisor.co.uk/features/internet/3414409/what-is-hacktivism-short-history-anonymous-lulzsec-arab-spring/ 4/3/13

4. http://www.zdnet.com/eighty-percent-of-new-malware-defeats-antivirus-1139263949/ 10/3/13

5. http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q2-2012.pdf