Cybercrime And Cybercriminals: A Comprehensive Study


International Journal of Computer Networks and Communications Security
VOL. 4, NO. 6, JUNE 2016, 165–176
Available online at: www.ijcncs.org
E-ISSN 2308-9830 (Online) / ISSN 2410-0595 (Print)

Cybercrime and Cybercriminals: A Comprehensive Study

REGNER SABILLON (1), JEIMY CANO (2), VICTOR CAVALLER (3), JORDI SERRA (4)

(1) Network and Information Technologies Doctoral Programme, Universitat Oberta de Catalunya (UOC), Barcelona, Spain
(2) Law Faculty, Universidad de los Andes (Uniandes), Bogota, Colombia
(3) Information and Communication Studies, Universitat Oberta de Catalunya (UOC), Barcelona, Spain
(4) Network and Information Technologies Doctoral Programme, Universitat Oberta de Catalunya (UOC), Barcelona, Spain

E-mail: (1) regners@athabascau.ca, (2) jcano@uniandes.edu.co, (3) vcavaller@uoc.edu, (4) jserrai@uoc.edu

ABSTRACT

The increasing expansion and diversification in the strategies and practices of cybercrime has become a difficult obstacle both to understanding the extent of embedded risks and to defining efficient policies of prevention for corporations, institutions and agencies. The present study represents the most comprehensive review of the origin, typologies and developments of the cybercrime phenomenon over the past decade so far. By means of this detailed study, this paper tackles the issue by first describing and discussing former criteria of classification in the field and secondly, providing a broad list of definitions and an analysis of cybercrime practices. A conceptual taxonomy of cybercrime is introduced and described. The proposed classification criterion is used in conjunction with a cybercrime hierarchy derived from the degrees and scale of vulnerability and targets.

Keywords: Cybercrime, Cybercrime taxonomy, Network-level Security and Protection, Security and Privacy Protection, Abuse and Crime Involving Computers.

1 INTRODUCTION

The first historical events related to cybercrime have their roots in the period when the initial computer networks were set up and, at the same time, in the growth of personal computing; these events marked an expansion of cybercriminality. The pioneer hackers were conceived at the MIT (Massachusetts Institute of Technology) in 1960 and on November 20, 1963, they were mentioned by an MIT student (The Tech: MIT Student Journal, 1963). The term, however, was meant to describe the fancy use to manipulate computers. As years passed by, the term acquired a different connotation, linked to causing damage to information systems and computers.

Einar Stefferud reported that in 1978, he sent the first electronic mail as spam. It was DEC that committed this abuse by using the ARPANET’s (Advanced Research Projects Agency Network) distribution list to advertise a new computer, the “DEC-20”.

Sweden was the first country to make a law for data protection, called the “Swedish Data Act of 1973”; it states that data must be protected against all unauthorized access.

The United States of America was the second country to create a law to punish cybercriminality; this act was introduced by Senator Abe Ribicoff and ratified as the “Federal Computer Systems Protection Act of 1977”. All these isolated events were crucial for the introduction of Computer Forensics and Digital Forensics, both considered a science and an art. Robert Morris Jr. was the first cybercriminal put on trial, and was sentenced on the 26th of July 1989 under the “Computer Fraud and Abuse Act of 1986”.

166 R. Sabillon et al. / International Journal of Computer Networks and Communications Security, 4 (6), June 2016

A recent report from the Internet Society presents interesting key statistics and trends [1]:

o There were 3 billion Internet users in May 2015
o Mobile Internet penetration will reach 71% by 2019
o 192 countries have implemented 3G mobile networks
o Nowadays the existing number of apps exceeds 1 million, which were downloaded more than 100 billion times

The cybercrime term was coined by Sussman and Heuston in 1995. Cybercrime cannot be described as a single definition; it is best considered as a collection of acts or conduct. These acts are based on the material offence object and modus operandi that affect computer data or systems [2]. The term cybercrime constitutes illegal acts where a digital device or information system is either a tool or target, or simply a combination of both. The cybercrime expression can be used interchangeably with computer crime, electronic crime, e-crime, high-technology crime, information age crime, cybernetic crime, computer-related crime or digital crime.

While the meaning of the term “hacker” has changed over the last decades, the conceptualization of the activities of this group is mostly seen as dark, evil, operating in underground environments and particularly with intentions to cause damage against society’s information systems. The main agents in cybercrime activities are hackers. Their motives can range from just having personal fun, like script kiddies defacing websites and breaking access passwords, to the satisfaction of being recognized as an elite hacker by breaking cybersecurity and stealing from Fortune 500 companies.

1.1 Classification

There are a lot of hacker categories; these categories include different terminology and iconography that create controversy over the computer attacker terms. The media and general public refer to people who are responsible for attacking and damaging computer systems as “hackers”. But using the term hacker to label a cybercriminal or computer vandal denigrates the term as well as the historic concept.

Most hacker online activities are perfectly legal; the difference between hackers, hackers who commit crimes and cybercriminals rests upon their attitudes when a hacker accepts the activity and the motives.

1.1.1 Categories

The SANS Institute (2004), based on previous researchers’ work, has determined various categories and subgroups of hackers:

White hats: These individuals work within the laws of the hacker ethic (to do no harm) or as security experts.

Gray hats: This term was coined by L0pht, one of the best known old school hacking groups. These hackers are reformed Black Hats now working as security consultants.

Black Hats: These hackers are motivated by power, anger or hate. They do not have any qualms about stealing or destroying network data that they penetrate.

1.1.2 Classes

These classes of hackers are under both Black Hat and White Hat categories:

Elite: They have the knowledge and skills of the highest level. This status can be gained by a particularly famous exploit, hack or longevity on the scene.

Script Kiddies: The most scorned subgroup within the larger hacker community. These tend to be the least skilled and youngest members, using the tools created by elite hackers.

Cyber-terrorists: They use steganography and cryptology for exchanging information and sharing plots online. These hackers are considered to become the most serious of computer criminals.

Disgruntled (ex) employees: One of the most dangerous, least publicized groups. These people believed they were owed special recognition for their corporate work and would take revenge for the lack of it.

Virus Writers: This group tends to exploit weaknesses found by hackers, then code methods to execute computer flaws.

Hacktivist: This name derives from combining the words ‘activism’ and ‘hacking’. One of the fastest growing hacker subgroups, which are motivated to deface websites and launch Denial of Service (DOS) attacks to satisfy political, religious and social agendas.

The EC-Council (2014) has created a different taxonomy based on Hacker classes. They highlight the differences between regular hacking and ethical hacking. This categorization includes eight different classes:

Black Hats: Hackers with excellent computing skills that are attracted to malicious activities. Their motives are to cause damage, steal information, destroy data and earn money.

White Hats: Individuals with hacking skills who act to protect networks in a defensive way. They work in corporate environments as security analysts.

Gray Hats: Hackers that work both offensively and defensively in different situations.

Suicide Hackers: Hackers that aim to bring down critical infrastructure for radical causes and are not afraid to go to jail. They are related to suicide bombers and are active members of cyber terrorism groups.

Script Kiddies: The most unskilled hackers, who are not well versed in hacking techniques. They tend to focus on getting high quantities of attacks rather than performing quality attacks.

Spy Hackers: These hackers are on contract to penetrate and gain trade secrets of their employer’s competitors.

Cyber Terrorists: These could be people or organized groups that are motivated by political or religious motives to cause harm by disrupting large scale computer networks.

State Sponsored Hackers: State sponsored hackers that are employed to damage other countries’ networks and information systems.

Warren and Leitch (2009) have created an additional hacker category that was not considered before. The researchers have identified a subgroup of hackers called “Hacker Taggers”. These hackers like to deface websites with the intention of leaving a ‘hacker tag’ or ‘calling card’ behind. This tag or card is updated to show the hacker’s individual scores. The website Zone-H (www.zone-h.org) contains an archive of website defacement history since 1999.

In terms of hacker categories and classes, we remark that there is not a globally accepted categorization of hacker groups or classes, although many organizations have agreed on certain categories that intend to group hackers by their motives and actions. We agree that the most common categories are black, grey and white hat hackers and any resulting sub-categorizations are based on specific motives, propaganda, hacktivism, political or religious reasons.

1.1.3 Motivation

Describing a typical cybercriminal stereotype and its motives is almost impossible, mostly because cybercrime agents act based on one or several motives.

Some motives entail curiosity, fun, satisfaction, publicity, manipulation, destruction, revenge, ego gratification, hacktivism, nationalism, radicalism, religion, politics, and financial benefit.

In fact, the SKRAM (Skills, Knowledge, Resources, Authority, Motivation) model [3] can calculate the threat potential of cybercriminals using their skills, knowledge, resources, authority, intensity of motives and countervailing information assurance linked on technological and human factors.

The formula is (S*K*R*A*M) / IA where these factors have impact on the amount and time under certain circumstances of the cybercriminal’s capabilities.

2 CYBERATTACKS

We base our study on previous research work (Table 1) from practitioners, scholars and industry experts. Arief et al. previously studied cybercrime from two different perspectives: Part 1 from the attacker’s side [4] and Part 2 for defenders and victims [5]. Chawki et al. [6] focused on cybercrime and its management issues. Cardwell et al. studied theft of intellectual property, damage of corporate networks, financial fraud, hacker system penetration and execution of viruses and worms. Britz [7] introduced traditional computer crime, contemporary computer crime, identity theft, identity fraud, cyberterrorism and technological organized crime. McQuade, III categorized cybercriminals based on the nature of their cybercrimes.

Table 1: Previous studies on cybercrime and cyberattacks

Authors: Arief, Adzmi and Gross (2015)
Insight about nt: attackers, defenders and victims

Authors: Chawki, Darwish, Khan and Tyagi (2015)
They studied the cybercrime fundamentals, computer systems as targets, computer systems as tools, content-related offences and cyberspace anonymity including privacy, security and crime control

Authors: Cardwell et al. (2007)
Comprises the 3 Ts: tools to commit crimes, targets of the victim and tangential material to the crime. They categorized cybercrime using insider and external attacks.

Authors: Britz (2013)
Typology included early hackers, theft of components, neotraditional cybercrime, identity theft/fraud, cyberterrorism and its links with organized crime

Authors: McQuade, III (2006)
Categories of IT abusers and cybercriminals are negligent users, traditional criminals, fraudsters, hackers, malicious code writers, media pirates, harassers, cybersex offenders, academic cheats, organized criminals, freelance spies and cyberterrorists

Our cyberattack and cybercrime taxonomies are established on current threats, vulnerabilities, hacker subculture, risks, impact, technology and human factors. With those principles in mind, our efforts must be oriented towards the safeguarding of the cybersecurity triad that encircles confidentiality, integrity and availability.

Nowadays, cyber vulnerabilities are exploited using simple, sophisticated or a combination of several cyberattacks. In this section, we present the most common types of cyberattacks [8]. We need to understand that as technology evolves, new risks and threats will lead to more advanced Techniques, Tactics and Procedures (TTP) for hacking systems.

2.1 Advanced Persistent Threats (APT): The term Advanced Persistent Threat was coined in 2005 by a USAF security analyst [9]. According to the US National Institute of Standards and Technology (NIST), an APT is an adversary that possesses sophisticated levels of expertise and significant resources to create opportunities to achieve its objectives using multiple attack vectors. It pursues objectives over an extended period of time, adapts to the efforts of the defenders and maintains an adequate level of interaction aligned with its objectives. The attack cycle encircles target selection, target research, target penetration, command and control, target discovery, data exfiltration, intelligence dissemination and information exploitation.

2.2 Arbitrary/remote code execution: Attackers use techniques to install malware remotely in order to take partial or complete control of a system.

2.3 ARP poisoning: Address Resolution Protocol poisoning misleads interconnection devices about the real MAC of a machine. ARP contains only two types of messages: ARP request and ARP reply. Attackers create ARP reply packets using spoofed MAC addresses to poison the ARP cache on any network system. VLAN segregation prevents this type of attack.

2.4 Bluejacking: It is the process of sending text messages using a private Bluetooth device without the owner’s consent. In addition to text messaging, some Bluetooth devices can include sound. The best security strategy is to operate the device in a non-discovery mode.

2.5 Bluesnarfing: Unauthorized access to a Bluetooth device or data theft from any Bluetooth connection. This attack will take place as long as the device is on and set to discovery mode. Linux users can launch this type of attack using the hcitool and ObexFTP tools.

2.6 Buffer overflow: This usually happens whenever an application receives more input than it can handle. The result is a system memory error that exposes a vulnerability that can later be exploited to write malicious code. Normally the attack sequence consists of first causing the buffer overflow, then sending a long NOOP (No Operation) command, inserting the malicious code and finally triggering the code execution.

2.7 Client-side attacks: This type of attack can be launched using a client application aiming to access specific servers or databases. This can be avoided if proper input validation and stored procedures are in place. Client-side attacks are based on transitive trust access that allows forest trust relationships in all Active Directory domains.

2.8 Cookies and attachments: Cookies can store web browsing history and sensitive data including usernames, passwords and session IDs that are instrumental for additional attacks like session hijacking. Malicious attachments can trigger malware attacks like viruses, Trojans and worms.

2.9 Cross-site Request Forgery (XSRF): Attackers fool users by creating malicious HTML links and redirecting the victims to perform specific actions. A security measure is to create expiration cookies and to prevent automatic log on.

2.10 Cross-site Scripting (XSS): This attack redirects end users to malicious webpages, by encoding or , img , and tags and embedding HTML or JavaScript code into websites or emails. Once the link is opened, the code will run on the user’s computer. Local cookies can be read after the script is executed. Web developers must block HTML and JavaScript tags by hardening input validation on webpages.

2.11 Denial-of-Service (DoS): Attack that inhibits legitimate users from accessing computer services. Normally DoS attacks target connectivity or network bandwidth by overflowing server traffic, resources, nodes or services. Some techniques to launch DoS attacks include SYN flood, bandwidth, service request, ICMP, P2P, permanent DoS, smurf, app level and buffer overflow.

2.12 Directory/command injection: These attacks use commands to manipulate an application via the Operating System or the deletion of directories, subdirectories or files. A good security measure is to implement input validation.

2.13 Distributed Denial-of-Service (DDoS): DDoS attacks are launched using several zombie computers (botnet, derived from roBOT NETwork) attacking a specific target. During a DDoS the target computer will sustain extreme network traffic, memory and processor usage. To detect outbound traffic, use the command line tool netstat -a.

2.14 DNS poisoning: Domain Name System poisoning is an attack that modifies or corrupts cached DNS results. The major risk is the propagation of poisoned DNS information to Internet Service Providers, where it is cached in their servers.

2.15 Domain Name kiting: This practice allows attackers to register domain names and delete them after the five-day free trial. During the free period, domain tasting will generate traffic and likewise generate revenue without paying for the domain registration.

2.16 Evil twin: Rogue access point attack that configures a WAP (Wireless Access Point) with the same SSID (Service Set Identifier) as a valid WAP. Attackers set up these devices in public places with free Wi-Fi. Sensitive information is stolen from the users that connect to the evil twin.

2.17 Flash cookies: Because Adobe Flash cookies can be set to never expire, they represent a high risk of theft of the user’s browsing history. Flash cookies are normally 5 MB in comparison to regular cookies that only store 1,024 bytes of information. Flash cookies are able to recreate deleted cookies.

2.18 Fuzz Testing: It is used to detect system vulnerabilities that can be later exploited. This attack transmits strings of data from scripting to specific applications.

2.19 Hash injection: It is an attack that injects an altered hash to authenticate into a local session in order to access network resources. Attackers will log onto the domain controller, accessing the Active Directory and manipulating domain accounts.

2.20 Header manipulation: Flags are modified within data packets, granting legitimate rights to attackers. Dual authentication prevents manipulating the user’s data.

2.21 ICMP flooding: DoS attack that sends Internet Control Message Protocol (ICMP) packets with spoofed source addresses so TCP/IP requests stop. Once the ICMP threshold is reached, the router no longer accepts ICMP echo requests.

2.22 Information disclosure: These attacks allow perpetrators to obtain valuable information about a system. Some examples include revealing passwords, shoulder-surfing, loss of thumb drives, laptop theft, message insecurity over HTTP, sharing of confidential policies, data leakage and social engineering information disclosure.

2.23 Integer overflow: This attack is the result when an arithmetic operation exceeds the maximum value of an integer used for storage. This exploit can be used for buffer overflow, infinite loops and data corruption.

2.24 IV (Initialization Vector) attack: This exploit takes place on Wi-Fi networks using the WEP (Wired Equivalent Privacy) security protocol. WEP has known vulnerabilities. The attackers use packet injection for cracking the small IV for keys and obtaining the encryption key.

2.25 Jamming interference: This attack can be part of a major Wireless Denial of Service (WDoS) attack. Attackers use malicious nodes to block access to the medium and likewise interfere with wireless or wired reception. Sophistication increases from continual transmission interference to exploiting protocol vulnerabilities.

2.26 Keylogger attack: This can be a hardware device or a small program that records the user’s keystrokes or screen content. If it is a physical device, the attacker must remove it in order to access the information. On the other hand, if the hidden program was installed on the victim’s computer, its DLL (Dynamic Link Library) file will record all keystrokes.

2.27 Lightweight Directory Application Protocol (LDAP) injection: This attack targets Active Directory accounts so that they can be modified using LDAP commands.

2.28 Malicious add-ons: We have to be very careful about any additional add-ons that browsers will install on our computers. There have been cases in the past where browser add-ons installed malware on client computers. Some measures include running additional scans, not downloading from compromised sites and keeping the system up to date with the latest security patches.

2.29 Malicious insider threat: An insider attack using valid system access credentials can compromise data confidentiality. Motives include revenge, financial gain and industrial espionage. Insider threats are very difficult to detect but a mix of controls can be implemented, like least privilege, proper segregation of duties, auditing, enforcement of legal and security policies, restricted access and critical data backup management.

2.30 Malware attacks: Malicious software that is installed through different devious ways. There are several categories of malware; the most common are viruses, worms and Trojan horses.

2.30.1 Virus: Malicious code that replicates by itself and needs execution in order to cause damage.

2.30.2 Worm: Self-replicating malicious code that spreads across the network without intervention or execution.

2.30.3 Trojan horse: Trojans hide within a valid application that will get activated upon certain actions. These programs can even disable firewalls, create backdoors, activate botnets, generate fake traffic and delete system files.

2.30.4 Logic bomb: Malicious scripts that will activate for a particular event. Normally, they are programmed to destroy the operating system, and to delete and format all network drives.

2.30.5 Rootkits: Programs that hide other malware by modifying the operating system. Some rootkits are at the bootloader, library, hardware, application, firmware, kernel and hypervisor levels.

2.30.6 Spyware: This program gathers sensitive information about the user.

2.30.7 Rogueware: These programs are also named scareware; the malicious programs masquerade as a security application and send messages of malware infection. After a system scan or trial expiration, users get asked to pay for a full version.

2.30.8 Ransomware: Extortive malware that locks the user’s data in order to get payment for unlocking the data.

2.31 Man-in-the-middle (MITM): This type of attack allows active interception of network traffic and sending malicious code to the client’s machine. Kerberos prevents MITM attacks by enforcing authentication.

2.32 Misconfiguration attacks: These attacks take advantage of wrong, default or compromised configurations to access systems, nection devices.

2.33 Near field communication (NFC): There are a few attacks under NFC including eavesdropping, data corruption and smartphone viruses. NFC devices can communicate if the separation is four centimeters or less. The biggest risk is card skimming when mobile card readers are used to complete online payments. NFC channels are also vulnerable to MITM attacks.

2.34 Packet sniffing: Attackers use protocol analyzer or sniffer programs like Wireshark, TCPDump and Sniff-O-Matic to capture and track network packets. Unencrypted data is the most vulnerable when using sniffers; captured packets can easily be read, and analyzed data can also be used to plan further cyberattacks.

2.35 Password attacks: These attacks use different techniques to crack server, network device, system or user passwords. Weak passwords can be avoided by using a long combination of upper and lower case letters, numbers and special characters. Cracking techniques include brute force, rule based, dictionary, hybrid and syllable attacks. Some password cracking tools are L0phtCrack, John the Ripper, Cain and Abel, Passcape and Aircrack.

2.36 Pharming: This type of attack targets DNS servers; it is specifically a DNS poisoning attack that redirects traffic to a fraudulent website. Cyber crooks can take advantage of this by stealing confidential information of users.

2.37 Privilege escalation: When hackers penetrate systems, they normally have limited access accounts and want to obtain full privilege accounts like super admin accounts. Elevated rights and permissions allow attackers to gain additional controls and remain unnoticed in the target system.

2.38 Rainbow attack: Attackers check the stolen password validity during this type of attack. By using cryptanalysis techniques, the time-memory trade off calculates memory information, inserting the password hash table, comparing and matching passwords until they are cracked.

2.39 Replay attack: Attackers replay data between communication sessions. Using the data, they can impersonate a user to obtain information. Kerberos blocks this type of attack using time-stamped tickets.

2.40 Rogue access points: Counterfeit WAPs are connected to networks to capture traffic. This rogue device will easily grant access to unauthorized users using the wireless and wired networks of the victim.

2.41 Session hijacking: This process seizes an active network or application session. By intercepting and taking control of a user’s session, the attacker afterwards inserts malicious code into the target server. Packet interception happens at the network level and HTTP session takeover at the application level in the OSI model. Some prevention measures against session hijacking include the use of Secure Shell (SSH), HTTPS, log-out functionality implementation and data encryption.

2.42 Shrink wrap code attacks: These attacks are aimed at applications immediately after their initial installation. The most common vulnerability is to exploit default code from libraries.

2.43 Smurf attack: A DoS attack that spoofs the source host to flood the target computer with ping replies.

2.44 Social Engineering: Hackers use social tactics to persuade people to reveal sensitive information that can be later used for malicious actions. Social engineering types include using human interaction, computers or mobile devices.

Attackers normally pose as legitimate users, VIP executives or technical support analysts to commit their attacks.
The best anti-social engineering strategies are education, security awareness training and enforcement of IT security policies.

2.45 Spear phishing: This attack targets a specific user or a group of users. It normally uses an email that seems legitimate to ask for some wire transfer already approved by a top executive within a company.

2.46 Spim: Spam instant messaging targets instant messaging apps such as Yahoo Messenger, WhatsApp and Line. The attackers need mobile number confirmation if the users click the link. The best way to deal with Spim is to ignore the messages and delete them.

2.47 Spoofing: Cyberattacks can use spoofing in many ways, from changing IP addresses to changing Media Access Control (MAC) addresses to email addresses, hiding the attacker’s identity.

2.48 SQL injection: These attacks are the highest-impact web vulnerability on the Internet. A flaw in the coding of a web application is exploited to allow additional data entry to generate unique SQL statements. Many relational databases are vulnerable to this attack including DB2, MySQL and SQL SRV. These attacks can avoid authentication, trigger code execution and affect data integrity.

2.49 SYN flooding: Common DoS attacks use SYN to flood servers. It is based on the Transmission Control Protocol (TCP) handshake process and overflows the normal three-way handshake that uses SYN and ACK packets between hosts. Attackers never send the ACK part and instead keep sending multiple SYN packets to create several half-opened connections, causing a system crash.

2.50 Transitive access: This access involves a trusted relationship within a network that can be exploited to attack core systems. Client-side attacks use transitive relationships whenever an attacker cannot aim a direct cyberattack.

2.51 Typo squatting: This is a form of cybersquatting that reroutes users to malicious websites. Active domain names with typographical errors are created, registered as valid URLs and then uploaded as alternate websites to infect users with malware.

2.52 URL hijacking: This attack is also known as a Man-in-the-Browser attack. It triggers a Trojan to hijack the communication between the browser and the libraries. The extension files from the Trojan convert the Document Object Model (DOM) interface and modify the user values.

2.53 Vishing: This attack uses Voice over Internet Protocol (VoIP) or phone system calls to trick users into giving personal information in a similar way to phishing attacks. Attackers can spoof caller IDs to masquerade a phone call as coming from within a company. Personal information is at risk if the user provides the required information to validate some kind of financial transaction.
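
The half-opened connections described under 2.49 SYN flooding are visible in the output of netstat, the tool named under 2.13, as sockets waiting for the final ACK. The following is an added example, not part of the paper: it counts such sockets per local service over constructed netstat lines. The state names SYN_RECV (Linux) and SYN_RECEIVED (Windows) are standard netstat output; the threshold of 5, the pattern labels and all addresses (documentation ranges) are assumptions made for the illustration.

```python
"""Count half-open TCP connections in netstat output (added example)."""
from collections import defaultdict
from typing import NamedTuple

HALF_OPEN_STATES = {"SYN_RECV", "SYN_RECEIVED"}  # Linux / Windows spellings


class Conn(NamedTuple):
    local: str   # "ip:port" of the local service
    remote: str  # remote IP with the port stripped
    state: str


def parse_netstat(text):
    """Yield a Conn for every TCP socket line; skip headers, UDP and junk."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or not fields[0].lower().startswith("tcp"):
            continue
        if len(fields) >= 6 and fields[1].isdigit():
            # Linux layout: proto recv-q send-q local foreign state
            local, foreign, state = fields[3], fields[4], fields[5]
        elif len(fields) >= 4:
            # Windows layout: proto local foreign state
            local, foreign, state = fields[1], fields[2], fields[3]
        else:
            continue
        # rsplit removes only the port, so IPv6 addresses stay intact
        yield Conn(local, foreign.rsplit(":", 1)[0], state.upper())


def half_open_report(text, threshold=5):
    """Return local endpoints holding at least `threshold` half-open sockets."""
    stats = defaultdict(lambda: {"half_open": 0, "established": 0, "sources": set()})
    for conn in parse_netstat(text):
        entry = stats[conn.local]
        if conn.state in HALF_OPEN_STATES:
            entry["half_open"] += 1
            entry["sources"].add(conn.remote)
        elif conn.state == "ESTABLISHED":
            entry["established"] += 1

    report = {}
    for local, entry in stats.items():
        if entry["half_open"] < threshold:
            continue  # a few pending handshakes are normal on a busy server
        n_sources = len(entry["sources"])
        report[local] = {
            "half_open": entry["half_open"],
            "established": entry["established"],
            "distinct_sources": n_sources,
            # Roughly one SYN per source points to spoofed or distributed
            # senders; a handful of sources points to individual hosts.
            "pattern": "many-sources" if n_sources > entry["half_open"] // 2
                       else "few-sources",
        }
    return report


def _constructed_sample():
    """Constructed Linux-style netstat lines; not a real capture."""
    lines = [
        "Proto Recv-Q Send-Q Local Address Foreign Address State",
        "tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN",
        "tcp 0 0 192.0.2.10:80 198.51.100.7:51514 ESTABLISHED",
        "tcp 0 0 192.0.2.10:443 198.51.100.9:40022 SYN_RECV",
        "udp 0 0 0.0.0.0:53 0.0.0.0:*",
    ]
    # Eight handshakes to port 80 that never received their final ACK
    lines += [f"tcp 0 0 192.0.2.10:80 203.0.113.{i}:{1024 + i} SYN_RECV"
              for i in range(1, 9)]
    return "\n".join(lines)


SAMPLE_NETSTAT = _constructed_sample()

if __name__ == "__main__":
    for endpoint, info in half_open_report(SAMPLE_NETSTAT).items():
        print(endpoint, info)
```
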

2.54 War chalking: This technique is used to place special symbols on sidewalks or wa
