Cyber Crime in Pakistan
Content
Acknowledgment
All the praise to Almighty Allah the most beneficent and merciful who gave us this opportunity to compile this research report. I am very thankful to course instructor Dr. Shabib ul Hasan who remained very cooperative and helpful throughout this work. He just did not make my concepts clear but gave me vivid direction and east path to compile this report. I hope that he will continue to guide me in this way in future. This report is the combination of lot of sincere hard work and dedication. This report is the result of valuable ideas and suggestions given by IT experts and MS students. They all were very cooperative and helpful through this research report. I am also very thankful to my class fellows who were very supportive to make the things easy, as it was very strenuous task. I will highly appreciate any suggestion for improvement in this report or any other queries regarding this report and its contents from everyone especially from my companions and well wishers. As nothing is perfect in this world and there is always a room for improvement.
2
PRELIMINARY DATA GATHERING
Table of Contents
Sr. No# 1 2 3 TOPICS Page No# 4 5 6 6 7 14 16 21 25 25 26 27 28 30 41 42 45 46 47
Abstract
Observation Preliminary data gathering • • • • Introduction Cyber Crime: An Overview Cyber Crimes In Developing & Developed Countries Cyber Crimes In Pakistan:
4 5 6 7 8 9 10 11 12 13 14 15
Literature Survey Problem Definition Theoretical Framework Relationships Among Variables Hypothesis Development Scientific Research Design Data Collection, Analysis And Interpretation Deduction Solutions Of Cyber Crimes Conclusion
Recommendation References
3
ABSTRACT
RESEARCH METHODOLOGY The first section of the report include the observation, objective of the research as to why we are doing this research, preliminary data gathered to have a clear knowledge of the following research, theoretical framework in which all the possible variables are defined along with this hypothesis is also generated in the form of statements, scientific research design which includes information about sampling and data collection procedures.
PRESENTATION AND ANALYSIS OF DATA This section extracts and displays all the data that was collected in the conclusive research and presents this in the form of close cross tabulations, graphs and pie charts to simplify interpretation. We have used Microsoft excel for the calculations.
RESEARCH RESULTS: This section includes the analysis of data ad draws results based on them. This includes basic research findings, conclusions and recommendation according to the data collected and analyzed.
4
OBSERVATION
The information infrastructure is increasingly under attack by cyber criminals. The number, cost, and sophistication of attacks are increasing at alarming rates. Worldwide aggregate annual damage from attacks is now measured in billions of U.S. dollars. Attacks threaten the substantial and growing reliance of commerce, governments, and the public upon the information infrastructure to conduct business, carry messages, and process information. Most significant attacks are transnational by design, with victims throughout the world. Measures thus far adopted by the private and public sectors have not provided an adequate level of security. While new methods of attack have been accurately predicted by experts and some large attacks have been detected in early stages, efforts to prevent or deter them have been largely unsuccessful, with increasingly damaging consequences. Information necessary to combat attacks has not been timely shared. Investigations have been slow and difficult to coordinate. Some attacks gets birth in Pakistan that lack adequate laws governing deliberate destructive conduct. Efforts shall be made to make a security code and program to guard the computer system from misuse, routers and firewalls can be used to protect the computer network. A check should be kept on the functioning of cyber cafes and any mishappening shall be reported to the concerned authorities. Strict cyber laws should be formulated and implemented to fight against cyber criminals.
5
PRELIMINARY DATA GATHERING
1. INTRODUCTION: Before evaluating the concept of cyber crime it is obvious that the concept of conventional crime be discussed and the points of similarity and deviance between both these forms may be discussed.
CONVENTIONAL CRIME:
Crime is a social and economic phenomenon and is as old as the human society. Crime is a legal concept and has the sanction of the law. Crime or an offence is a legal wrong that can be followed by criminal proceedings which may result into punishment. The hallmark of criminality is that, it is breach of the criminal law. Per Lord Atkin “the criminal quality of an act cannot be discovered by reference to any standard but one: is the act prohibited with penal consequences”. A crime may be said to be any conduct accompanied by act or omission prohibited by law and consequential breach of which is visited by penal consequences.
1.1 Background of Study
CYBER CRIME Cyber crime is the latest and perhaps the most complicated problem in the cyber world. Cyber crime may be said to be those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime. Per Lord Atkin “Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime” A generalized definition of cyber crime may be “unlawful acts wherein the computer is either a tool or target or both”. The computer may be used as a tool in the following kinds of activity- financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however be target for unlawful acts in the following casesunauthorized access to computer/ computer system/ computer networks, theft of
6
information contained in the electronic form, e-mail bombing, data didling, salami attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer system, physically damaging the computer system.
DISTINCTION BETWEEN CONVENTIONAL AND CYBER CRIME There is apparently no distinction between cyber and conventional crime. However on a deep introspection we may say that there exists a fine line of demarcation between the conventional and cyber crime, which is appreciable. The demarcation lies in the involvement of the medium in cases of cyber crime. The sine qua non for cyber crime is that there should be an involvement, at any stage, of the virtual cyber medium
2. Cyber Crime: An Overview
The growing danger from crimes committed against computers, or against information on computers, is beginning to claim attention in national capitals. In most countries around the world, however, existing laws are likely to be unenforceable against such crimes. This lack of legal protection means that businesses and governments must rely solely on technical measures to protect themselves from those who would steal, deny access to, or destroy valuable information.
2.1 Historical Background:
The first recorded cyber crime took place in the year 1820! That is not surprising considering the fact that the abacus, which is thought to be the earliest form of a computer, has been around since 3500 B.C. in India, Japan and China. The era of modern computers, however, began with the analytical engine of Charles Babbage. In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard's employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime! Today, computers have come a long way, what with neural networks and nanocomputing promising to turn every atom in a glass of water into a computer capable of performing a billion operations per second.
7
Cyber crime is an evil having its origin in the growing dependence on computers in modern life. In a day and age when everything from microwave ovens and refrigerators to nuclear power plants is being run on computers, cyber crime has assumed rather sinister implications.
2.2 Types of Cyber Crimes
Let us examine the acts wherein the computer is a tool for an unlawful act. This kind of activity usually involves a modification of a conventional crime by using computers. Some examples are:
Financial crimes
This would include cheating, credit card frauds, money laundering etc. Misappropriation of funds by manipulation of computer records was reported, wherein Punjab National Bank was cheated to the tune of Rs. 1.39 crores through false debits and credits in computerized accounts. In another case, Rs. 2.5 lakhs were misappropriated from Bank of Baroda through falsification of computerized bank accounts.
Sale of illegal articles:
This would include sale of narcotics, weapons and wildlife etc., by posting information on websites, auction websites, and bulletin boards or simply by using email communication. E.g. many of the auction sites even in India are believed to be selling cocaine in the name of ‘honey’.
Online gambling:
There are millions of websites; all hosted on servers abroad, that offer online gambling. In fact, it is believed that many of these websites are actually fronts for money laundering.
Intellectual Property crimes
These include software piracy, copyright infringement, trademarks violations, theft of computer source code etc.
Email spoofing
A spoofed email is one that appears to originate from one source but actually has been sent from another source. E.g. Faraz has an e-mail address [email protected]. Her enemy, Sameer spoofs her e-mail and sends obscene messages to all her acquaintances.
8
Since the e-mails appear to have originated from Faraz, her friends could take offence and relationships could be spoiled for life. Email spoofing can also cause monetary damage.
Forgery
Counterfeit currency notes, postage and revenue stamps, mark sheets etc can be forged using sophisticated computers, printers and scanners. Outside many colleges across Pakistan, one finds touts soliciting the sale of fake mark sheets or even certificates. These are made using computers, and high quality scanners and printers. In fact, this has becoming a booming business involving thousands of Rupees being given to student gangs in exchange for these bogus but authentic looking certificates.
Cyber Defamation:
This occurs when defamation takes place with the help of computers and / or the Internet. E.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information to all of that person’s friends.
Cyber stalking:
The Oxford dictionary defines stalking as “pursuing stealthily”. Cyber stalking involves following a person’s movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc. Now, let us examine some of the acts wherein the computer is the target for an unlawful act. It may be noted that in these activities the computer may also be a tool. This kind of activity usually involves sophisticated crimes usually out of the purview of conventional criminal law. Some examples are:
Unauthorized access to computer systems or networks:
This activity is commonly referred to as hacking. An active hackers’ group, led by one “Dr. Nuker”, who claims to be the founder of Pakistan Hackers Club, reportedly hacked the websites of the Indian Parliament, Ahmedabad Telephone Exchange, Engineering Export Promotion Council, and United Nations (India).
Theft of information contained in electronic form
This includes information stored in computer hard disks, removable storage media etc.
9
Data diddling
This kind of an attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed. Electricity Boards in Pakistan have been victims to data diddling programs inserted when private parties were computerizing their systems.
Salami attacks
These attacks are used for the commission of financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed. E.g. a bank employee inserts a program, into the bank’s servers, that deducts a small amount of money (say Rs. 5 a month) from the account of every customer. No account holder will probably notice this unauthorized debit, but the bank employee will make a sizeable amount of money every month.
Denial of Service attack
This involves flooding a computer resource with more requests than it can handle. This causes the resource (e.g. a web server) to crash thereby denying authorized users the service offered by the resource. Another variation to a typical denial of service attack is known as a Distributed Denial of Service (DDoS) attack wherein the perpetrators are many and are geographically widespread. It is very difficult to control such attacks. The attack is initiated by sending excessive demands to the victim’s computer(s), exceeding the limit that the victim’s servers can support and making the servers crash. Denial-of-service attacks have had an impressive history having, in the past, brought down websites like Amazon, CNN, Yahoo and eBay!
Virus / worm attacks
Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer’s memory. The VBS_LOVELETTER virus (better known as the Love Bug or the ILOVEYOU virus) was reportedly written by a Filipino undergraduate.
Logic bombs
These are event dependent programs. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus).
10
Trojan attacks
A Trojan as this program is aptly called is an unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing. There are many simple ways of installing a Trojan in someone’s computer.
Internet time theft
This connotes the usage by an unauthorized person of the Internet hours paid for by another person.
Web jacking
This occurs when someone forcefully takes control of a website (by cracking the password and later changing it). The actual owner of the website does not have any more control over what appears on that website.
Theft of computer system
This type of offence involves the theft of a computer, some part(s) of a computer or a peripheral attached to the computer.
Physically damaging a computer system
This crime is committed by physically damaging a computer or its peripherals.
TOOLS AND TECHNIQUES OF CYBER CRIME
Unauthorized Access
“Access” is defined in Section 2(1) (a) of the Information Technology Act as “Gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network”. Unauthorized access would therefore mean any kind of access without the permission of either the rightful owner or the person in charge of a computer, computer system or computer network. Thus not only would accessing a server by cracking its password authentication system be unauthorized access, switching on a computer system without the permission of the person in charge of such a computer system would also be unauthorized access. Packet sniffing, tempest attack, password cracking and buffer overflow are common techniques used for unauthorized access.
11
Viruses
A computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of it. Note that a program does not have to perform outright damage (such as deleting or corrupting files) in order to be called a "virus".
2.3 Email related crime
Email has fast emerged as the world’s most preferred form of communication. Billions of email messages traverse the globe daily. Like any other form of communication, email is also misused by criminal elements. The ease, speed and relative anonymity of email has made it a powerful tool for criminals. Some of the major email related crimes are: 1. Email spoofing 2.Sending malicious codes through email 3.Emailbombing 4. Sending threatening emails 5. Defamatory emails 6. Email frauds
1. Email spoofing
A spoofed email is one that appears to originate from one source but has actually emerged from another source. Email spoofing is usually done by falsifying the name and / or email address of the originator of the email. Usually to send an email the sender has to enter the following information: i. Email address of the receiver of the email ii. Email address(es) of the person(s) who will receive a copy of the email (referred to as CC for carbon copy) iii. Email address(es) of the person(s) who will receive a copy of the email (referred to as CC for carbon copy, but whose identities will not be known to the other recipients of the e-mail (known as BCC for blind carbon copy) iv. Subject of the message (a short title / description of the message) v. Message Certain web-based email services like www.SendFakeMail.com, offer a facility wherein in addition to the above, a sender can also enter the email address of the purported sender of the email.
12
2. Spreading Trojans, viruses and worms
Emails are often the fastest and easiest ways to propagate malicious code over the Internet. The Love Bug virus, for instance, reached millions of computers within 36 hours of its release from the Philippines thanks to email. Hackers often bind Trojans, viruses, worms and other computer contaminants with egreeting cards and then email them to unsuspecting persons. Such contaminants can also be bound with software that appears to be an anti-virus patch. E.g. a person receives an email from [email protected] (this is a spoofed email but the victim does not know this). The email informs him that the attachment contained with the email is a security patch that must be downloaded to detect a certain new virus. Most unsuspecting users would succumb to such an email (if they are using a registered copy of the McAffee anti-virus software) and would download the attachment, which actually could be a Trojan or a virus itself!
3. Email bombing
Email bombing refers to sending a large number of emails to the victim resulting in the victim’s email account (in case of an individual) or servers (in case of a company or an email service provider) crashing. A simple way of achieving this would be to subscribe the victim’s email address to a large number of mailing lists. Mailing lists are special interest groups that share and exchange information on a common topic of interest with one another via email. Mailing lists are very popular and can generate a lot of daily email traffic – depending upon the mailing list. Some generate only a few messages per day others generate hundreds. If a person has been unknowingly subscribed to hundreds of mailing lists, his incoming email traffic will be too large and his service provider will probably delete his account. The simplest email bomb is an ordinary email account. All that one has to do is compose a message, enter the email address of the victim multiple times in the “To” field, and press the “Send” button many times. Writing the email address 25 times and pressing the “Send” button just 50 times (it will take less than a minute) will send 1250 email messages to the victim! If a group of 10 people do this for an hour, the result would be 750,000 emails! There are several hacking tools available to automate the process of email bombing. These tools send multiple emails from many different email servers, which make it very difficult, for the victim to protect himself.
13
4. Threatening emails
Email is a useful tool for technology savvy criminals thanks to the relative anonymity offered by it. It becomes fairly easy for anyone with even a basic knowledge of computers to become a blackmailer by threatening someone via e-mail.
5. Defamatory emails
As has been discussed earlier cyber-defamation or even cyber-slander as it is called can prove to be very harmful and even fatal to the people who have been made its victims.
6. Email Frauds
Email spoofing is very often used to commit financial crimes. It becomes a simple thing not just to assume someone else’s identity but also to hide one’s own. The person committing the crime understands that there is very little chance of his actually being identified.
3. Cyber Crimes in Developing & Developed Countries
A comparative analysis of cyber crimes in developing & developed countries. G8 wages war on cyber crime is described below where as for the study of the developing countries I have taken India, China, and Bangladesh into consideration.
3.1 Cyber Crimes in Developed Countries
G8 wages war on cyber-crime
Ministers from the eight major industrialized nations, the G8, have agreed on a plan to fight international computer crime. The move follows a meeting in Washington of the interior and justice ministers of Britain, Canada, France, Germany, Italy, Japan, Russia and the United States. The US Attorney-General, Janet Reno, said criminals were no longer restricted by national boundaries and all countries had to act together if they wanted to combat cybercrime. "With emerging technologies, no longer will we have to fight 21st century crimes with 19th century tools," she said. "Today is an important day in fighting computer crime, and in laying the groundwork for the next century of crime fighting."
14
The agreement aims to tackle the following forms of cyber crime:
• • • • •
pedophilia drug-trafficking money-laundering electronic fraud such as theft of credit card numbers, money-laundering and computerized piracy industrial and state espionage
The most important measure to tackle these offences is a commitment to train law enforcement officials in the tools of the cyber trade, and to co-ordinate prosecution efforts so that countries know where to try a cyber criminal. Ministers also pledged to create a 24-hour-a-day contact service to help national police forces respond quickly and in a concerted manner to fast-moving cyber-criminals. Other measures in the ten-point action plan include judicial co-operation and agreements on extradition, hastening the progress of mutual agreements, speeding up communication, provision of standards for secure telecommunications and developing forensic standards for retrieving electronic data .
3.2 Cyber Crimes in Developing Countries
I have taken India, China, and Bangladesh to study the cyber crimes in these developing countries.
India: Cyber Crimes
India has recently launched a computer crime research centre to control the rate of cyber crimes. The crimes have however gained momentum in India only in the recent past. As an upshot, the Indian Parliament gave effect to a resolution of the General Assembly of the United Nations for adoption of a Model Law on Electronic Commerce. The consequence was the passing of Information Technology Act 2000. The Act aims to regulate and legalize E-Commerce and take cognizance of offences arising there from.
In India the following types of cyber crimes exist and are increasing at a rapid pace namely: financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however be target for unlawful acts in the following casesunauthorized access to computer/ computer system/ computer networks, theft of information contained in the electronic form, e-mail bombing, data didling, salami
15
attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer system, physically damaging the computer system.
4. Cyber Crimes in Pakistan:
The primary research based on the 20 sample study of the IT experts, found that currently the rate of the cyber crimes in Pakistan is not that much high as comparison to USA or other developed countries. Research found that the common types of cyber crimes which exist in Pakistan are stated as follows: 1. Financial crimes 2. Cyber pornography 3. Sale of illegal articles 4. Online gambling 5. Intellectual Property crimes 6. Email spoofing 7. Cyber stalking 8. Forgery 9. Unauthorized Access to computer systems\networks 10. Theft of information contained in electronic form 11. Virus\ Worm Attacks 12. Logic Bombs 13. Trojan Attacks 14. Internet Time theft 15. Password Cracking 16. Buffer Overflow
4.1 Internet use is not widespread in Pakistan
The Internet is not widespread in Pakistan and is moving at a slow and irregular pace, said the French Reporters sans frontières (Reporters Without Borders) organisation in its second annual report (2003) on cyberspace titled “The Internet under Surveillance: Obstacles to the free flow of information online”.The RSF is a Paris-based watchdog that defends imprisoned journalists and press freedom throughout the world, and protects the public’s right to be informed in accordance with Article 19 of the Universal Declaration of Human Rights. The report says the Internet is the bane of all dictatorial regimes, but even in democracies such as the United States, Britain and France, new anti-terrorism laws have tightened government control of it and undermined the principle of protecting journalistic sources. The report is about attitudes towards the Internet by the powerful in 60 countries, between spring 2001 and spring 2003. The preface is by Vinton G Cerf, often called the ‘father’ of the Internet.
16
The number of Internet users in China, the report says, doubles every six months and the number of Chinese websites doubles every year. But this dizzying expansion of cyberspace is matched by government efforts to control, censor and repress it with harsh laws, jailing cyber-dissidents, blocking access to websites, spying on discussion forums and shutting down cyber cafés. Regarding Pakistan, the reports said, there are around 500,000 using the services of privately owned ISPs. The Internet is not yet widespread and is still mainly accessed through cyber cafés. It does not seem to be heavily censored. But the Daniel Pearl kidnapping and murder case showed how extremists could use it. The military regime has made every effort to block access to a US-based investigative journalism website. With only a half a million Internet users, Pakistan is quite behind in new information technology. This is mainly because of the country’s large size and low level of economic development, including only a few million private phone lines, mostly in big cities. General Pervez Musharraf’s government appears to favour its growth, even though on the day he seized power, 12 October 1999, the army cut off all Internet connections for several hours, and in July 2002, the Pakistan Telecommunications Authority (PTA) tried to force cyber cafés owners to record the names of their customers. The report says, “Gen Musharraf says his government has invested more than 100 million euros in communications and sharply reduced the cost of connections and services since 1999. Pakistan has since launched a programme to boost digital technology, the information technology with an efficient telecom policy.”Slow and difficult development: The new policy has led the government to cut Internet connection costs and invest in telecommunications infrastructure, while putting the Internet under the direct supervision of the PTA. The state’s monopoly in the sector ended in December 2001 but big Internet operators such as AOL are reluctant to invest in a country where scant profits are to be made. For the time being, Pakistanis are enthusiastically using cyber cafés, which are everywhere in the cities. In Peshawar, a new one opens nearly every day. The Pakistan Telecommunication Company (PTCL) announced on April 2, 2003 that 400 new sites with “indecent” content had been added to an earlier list of 100 banned websites and asked Internet operators to block access to them. ISPs said the move would slow down Internet access. A senior PTCL official, Zahir Khan, said on April 6, 2003, that access to nearly 1,800 pornographic sites had been banned and that the PTCL was thinking of importing software to make it easier to do. Also targeted were “anti- Islamic” and “blasphemous” sites. The PTCL admitted the blocking would temporarily slow down Internet navigation but said it was necessary because of what it called ‘the great threat to society’ from such sites. Mairaj-ul-Huda, a leader of the Jamaat-e-Islami party, welcomed the moves and said the electronic media had to be reformed to bring them in line with the country’s culture and religion so that young people would not be tempted by such evil. Pak-India cyber war: The Pakistani government set up a special inter-ministerial committee in May 2003 to counter increasing attacks on government websites by Indian
17
hackers who were making them inaccessible. Information technology minister Awais Ahmad Khan Leghari said that if the attackers were identified, the government would take the matter to the relevant international authorities to seek punishment for them. The previous month, he had said the government was thinking of hiring its own hackers to fight the Indian attacks.
4.2 Electronics Crimes Unit
An Electronics Crimes Unit (ECU) will be established soon in Sindh Police Department to deal with the cyber and electronics crimes. The Inspector General of Police (IGP) Sindh, Syed Kamal Shah Has issued orders to this effect, without taking any proper Arrangement, sources disclosed. Electronics and cyber crimes are the yield of high tech-era, which must be dealt with the same sort of expertise and sophistication, to unearth crimes, fix the responsibilities, and to make headway. It is Very necessary for persons who are investigating the cases of Electronics and cyber crimes that they should know each and every Technicality of the subject like an expert. Sindh police chief's order for setting-up the ECU, appears a mere lip-service. Without cyber cops, cyber judges, cyber advocates, etc one wonders how cyber criminals would be arrested, and how investigations would be conducted to nab the accused persons. It has yet to be decided who would conduct hearing of cyber crime cases and who would be competent to decide them, or whether the person implicated is indeed involved in the crime or not. Reports indicate that in the history of Pakistan, there had been only three cases of cyber crime reported so far. two of these cases were investigated by the defunct Crimes Branch of Sindh Police, and the third one was a very high profile case, in which a US journalist Daniel Pearl was reportedly kidnapped and later assassinated by unknown persons. Later, some accused persons including a British national were arrested in this case as their involvement was detected purely through high-tech means. Although the case of the US journalist Daniel Pearl was decided by the learned court, the persons who had been implicated in the crime earlier by the police through cyber means, were the same who were sentenced by the court. If any investigator were to look deeply into these cases he would see on technical grounds that the evidences gathered by the police investigators in the Daniel Pearl case were not sufficient enough to fix the responsibilities on the accused persons.
18
Technical evidences must be examined in the light of Articles 6 and 7 of the Evidence Act, under which condition a question would be raised whether the evidences presented before the court in the Daniel Pearl case were justified or not. It might be the government policy, but it remains a fact that gathering and presentation and acceptance of evidences were not smooth and transparent. Clearly, the police officials who investigated the crime were not bearing any expertise to deal with cyber crimes at all. Whatever the learned court had decided is acceptable to all but one question remains very pertinent about the validity of the investigation itself which had been carried out without properly-trained officials, who were certainly not cyber cops in this case. Moreover, the court which examined the case was not presided by a cyber judge, which was Certainly a need of the case. It should be recalled here that so far no legislation had been enacted in the country to deal with cases of cyber crimes. It is also worth mentioning here that few multinational banks operating in Pakistan had offered their services time and again to the high police officials for training and provision of the equipment required to deal with the cyber crimes. More than half a dozen meetings in this Connections were held with the former IGP Aftab Nabi, but they yielded no result. Sources close to fraud control units of the different multinational banks disclosed that they had also approached the IGP Syed Kamal Shah, but to no avail. Now, the orders for establishing the ECU were given in writing by none other than the IGP Sindh himself to his subordinates who are undergoing the course of proper formalities, but their implementation has yet to materialise.
19
4.3 Pakistan sets up cyber crime wing
ISLAMABAD, Pakistan (AP) -- A Pakistani security agency has launched a special wing to combat cyber crimes in part because the country had to rely on U.S. investigators to trace e-mails sent by the kidnappers of American journalist Daniel Pearl a year ago. "The purpose of establishing the National Response Center for Cyber Crimes is to stop misuse of the Internet and trace those involved in cyber-related crimes," Iftikhar Ahmad, spokesman for Pakistan's Interior Ministry, told The Associated Press on Wednesday. "The importance of this special wing was felt when Daniel Pearl was kidnapped, and his captors started sending e-mails to newspapers," he said. The Wall Street Journal correspondent disappeared on January 23, 2002 from Pakistan's southern city of Karachi. On January 27, 2002, the Journal and other media received an e-mail from a group calling itself the National Movement for the Restoration of Pakistani Sovereignty. The email contained a photo of Pearl, 38, with a gun to his head. The FBI traced the e-mails, and police captured those who allegedly sent them to the newspapers, but, on February 21, 2002, the U.S. Embassy received a videotape showing Pearl was dead. "The National Response Center for Cyber Crimes will play a key role in the days to come in tracing those terrorists who often use the Internet or prepaid telephone cards to communicate messages to their associates for carrying out acts of terrorism and other purposes," Ahmad said. The special wing has been established at the headquarters of an intelligence agency in Islamabad, Pakistan's capital.
20
Literature Survey
The short reviews to the literature we have gone through are given below:
Article no.1
http://en.wikipedia.org/wiki/Cybercrime An international legal definition is cybercrime that is used by most of the countries in Europe and North America as well as South Africa and Japan was agree in the Convention on Cybercrime that entered into force on 1 July 2004. Although the term cybercrime is usually restricted to describing criminal activity in which the computer or network is an essential part of the crime, this term is also used to include traditional crimes in which computers or networks are used to enable the illicit activity. Examples of cybercrime which the computer or network is a tool of the criminal activity include spamming and criminal copyright crimes, particularly those facilitated through peer-to-peer networks. Examples of cybercrime in which the computer or network is a target of criminal activity include unauthorized access (i.e, defeating access controls), malicious code, and denial-of-service attacks. Examples of cybercrime in which the computer or network is a place of criminal activity include theft of service (in particular, telecom fraud) and certain financial frauds. Finally, examples of traditional crimes facilitated through the use of computers or networks include Nigerian 419 or other gullibility or social engineering frauds (e.g., hacking "phishing", identity theft, child pornography, online gambling, securities fraud, etc.). Cyberstalking is an example of a traditional crime -- harassment -- that has taken a new form when facilitated through computer networks. Additionally, certain other information crimes, including trade secret theft and industrial or economic espionage, are sometimes considered cybercrimes when computers or networks are involved. Cybercrime in the context of national security may involve hacktivism (online activity intended to influence policy), traditional espionage, or information warfare and related activities. One of the recent researches showed that a new cybercrime is being registered every 10 seconds in Britain. During 2006 the computer crooks were able to strike 3.24 million times. Some crimes performed on-line even surpassed their equivalents in real world. In addition, experts believe that about 90% of cybercrimes stay unreported.
21
According to a study performed by Shirley McGuire, a specialist in psychology of the University of San Francisco, the majority of teenagers who hack and invade computer systems are doing it for fun rather than with the aim of causing harm. Shirley McGuire mentioned that quite often parents cannot understand the motivation of the teenage hackers. She performed an anonymous experiment, questioning more than 4,800 students in the area of San Diego. Her results were presented at the American Psychological Association conference: 38% of teenagers were involved in software piracy; 18% of all youngsters confessed of entering and using the information stored on other personal computer or website; 13% of all the participants mentioned they performed changes in computer systems or computer files. The studies revealed that only 1 out of 10 hackers were interested in causing certain harm or earn money. Most teenagers performed illegal computer actions of curiosity, to experience excitement. Many cyber police is getting more complaints about Orkut these days as many fake profiles being created and thus leads to crime.
Write up # 1
There is the new crime of cracking, invading, or snooping into other people or organizations’ computer systems. Opinions differed as to whether merely looking was a crime, especially since earlier hackers often detected security flaws and felt they were being upstanding public citizens in reporting them. Clearly entering a system with criminal intent is another matter. Then there are situations where the crime is old but the system is new, such as Internet fraud scams. Marketing fraud has been around for millennia, telephone scams have been around for decades, and now we have Internet scams. The same is true for pornography and copyright fraud. The third element is about investigation, where the computer serves as a repository of evidence, necessary for successful prosecution of whatever crime is being transacted. What used to be recorded in paper records is unlikely to be recorded except digitally now, and can be destroyed or encrypted remotely.
22
Article # 2: www.wired.com Pakistan Creates Cyber Crime Wing ISLAMABAD, Pakistan --A Pakistani security agency has launched a special wing to combat cyber crimes in part because the country had to rely on U.S. investigators to trace e-mails sent by the kidnappers of American journalist Daniel Pearl a year ago. "The purpose of establishing the National Response Center for Cyber Crimes is to stop misuse of the Internet and trace those involved in cyber-related crimes," Iftikhar Ahmad, spokesman for Pakistan's Interior Ministry, told the Associated Press on Wednesday. "The importance of this special wing was felt when Daniel Pearl was kidnapped, and his captors started sending e-mails to newspapers," he said. The Wall Street Journal correspondent disappeared on Jan. 23, 2002, from Pakistan's southern city of Karachi. On Jan. 27, 2002, the Journal and other media received an e-mail from a group calling itself the National Movement for the Restoration of Pakistani Sovereignty. The e-mail contained a photo of Pearl, 38, with a gun to his head. The FBI traced the e-mails, and police captured those who allegedly sent them to the newspapers, but, on Feb. 21, 2002, the U.S. Embassy received a videotape showing Pearl was dead. "The National Response Center for Cyber Crimes will play a key role in the days to come in tracing those terrorists who often use the Internet or prepaid telephone cards to communicate messages to their associates for carrying out acts of terrorism and other purposes," Ahmad said. The special wing has been established at the headquarters of an intelligence agency in Islamabad, Pakistan's capital
23
Write up # 5: The Internet is not yet widespread in Pakistan and is moving at a slow and irregular pace, said the French Reporters sans frontier organisation in its second annual report (2003) on cyberspace titled “The Internet under Surveillance: Obstacles to the free flow of information online”.The RSF is a Paris-based watchdog that defends imprisoned journalists and press freedom throughout the world, and protects the public’s right to be informed in accordance with Article 19 of the Universal Declaration of Human Rights. Regarding Pakistan, there are around 500,000 using the services of privately owned ISPs. The Internet is not yet widespread and is still mainly accessed through cyber cafés. It does not seem to be heavily censored. But the Daniel Pearl kidnapping and murder case showed how extremists could use it. The military regime has made every effort to block access to a US-based investigative journalism website. Thus forcing the authorities to establish a cyber crime wing.
24
PROBLEM DEFINITION Statement of Problem
Lots of the people of Pakistan even don’t know exactly what the cyber crime is all about? Even many of us commit cyber crimes by doing fun at the net and we don’t even think of the punishments because we don’t have the knowledge of the cyber laws. We will be researching on:
“Cyber Crimes in Pakistan”
We will be researching in depth in order to find out that: Why cyber crimes exist? What are the consequences of cyber crimes? What are the solutions to get rid of the cyber crimes?
THEORETICAL FRAMEWORK
After the preliminary data gathering and the problem statement, the next step is to examine the critical variables and developing a Theoretical Framework. The critical variables in our study are:
DEPENDENT VARIABLE:
• Cyber Crimes
25
INDEPENDENT VARAIBLES:
1. 2. 3. 4. 5. 6. 7. Greed Power Publicity Revenge Adventure Desire to access forbidden information Destructive mindset
MODERATING VARIABLE:
1. security services 2. awareness
INTERVENING VARIABLES:
• Government Policies
RELATIONSHIPS AMONG VARIABLES INDEPENDENT-DEPENDENT VARIABLE RELATIONSHIP
Here, our dependent variable is cyber crimes. Since frequency of cyber attacks can vary, it can be positive, neutral or negative, therefore it is a variable, and because it is our subject of interest, it is the Dependent variable. The independent variables in our study are Greed, Power, Publicity, Revenge, Adventure, Desire to access forbidden information, Destructive mindset. cyber crime (dependent variable) is influenced by all these independent variables. There is a positive relationship between these independent variables and the dependent variable.
26
INDEPENDENT-DEPENDENT VARIABLE RELATIONSHIP ALONGWITH THE MODERATING VARIABLE:
Here, security services and the awareness is the moderating variable as it has a strong contingent effect on the independent variable-dependent variable relationship. The relationship in any of the independent-dependent variable may change if these factors change.
INTERVENING VARIABLE IN INDEPENDENT-DEPENDENT VARIABLE RELATIONSHIP:
The Government policies and efforts surfacing at time t2, when the independent variables were in place at time t1 till their effect is felt on the dependent variable at time t3. The effective the efforts of the government the larger it will effect the relationship between the Independent factors and the dependent factor
HYPOTHESIS DEVELOPMENT Null Hypothesis:
“Cyber crime is not a threat”.
Alternate Hypothesis:
“Cyber crime is a threat”.
If the first hypothesis comes true it will verify that though there is positive relationship between dependent and independent variables due to various government policies cyber crime is not a threat any more .
27
Else, the second option will show that cyber crime is a threat to everyone as government and private policies and measure have decreased it but still is a viable factor.
SCIENTIFIC RESEARCH DESIGN
Under scientific research design we’ll take a look at following titles, which gives us the details of the study.
• • • • • • •
Purpose of the study Types of investigation Extend of researchers interference Study Setting Units of Analysis Sampling Design Time horizon
PURPOSE OF THE STUDY:
Our Study is of hypothesis testing nature .Where are we interested in determining the nature of certain relationship that is, relationship between our dependent and independent variable with in the presence of our intervening and moderating variable.
28
TYPES OF INVESIGATION:
Our study is Co-relational study in nature as in this research we are interested in finding the explanations to different relationships.
EXTENT OF RESEARCHER’S INTERFERNCE:
While conducting this research our participation in investigation was minimal and the entire research work was conducted with in normal setting
STUDY SETTING:
We have conducted this research with in non-contrived setting that is neither any variable was manipulated nor controlled. As our study is co-relational normal settings are chosen for research work
UNIT OF ANALYSIS:
Our unit of analysis is individuals. We have selected 20 individuals who are IT experts or IT students from various organizations and institutions.
29
SAMPING DESIGN:
We have selected 10 individuals randomly as over Sample.
TIME HORIZON:
We have collected the data and have conducted the research at one point in time hence our research work is cross-sectional in nature.
DATA COLLECTION, ANALYSIS AND INTERPRETATION DATA COLLECTION:
I have collected the data relating to the research work of ours from, preliminary data and structured interviews.
SECONDARY DATA COLLECTION:
I have collected the secondary data from websites & have also consulted articles in different IT related websites and magazines.
30
PRIMARY DATA COLLECTION:
I have collected the primary data through structured interviews.
Structured interviews:
I have made a structured interview having the combination of open ended and close ended questions. This constitutes 10 questions in which 2 are close ended questions while 8 of open ended nature. The list of questions is given on next page.
Q1: How would you define Cyber Crime?
Interpretation:
This question was basically put forward to understand how “Cyber Crime” was precieved by different experts. Even though the term does not change its meaning from one place to another but the way in which people define it as per the field of study which they are a part of have a significant effect on the way they define cyber crime. This is evident the minutes of the interview attached with the report. But one thing was common all the respondents that they recognized cybercrimes as a misuse of information technology to achieve on own goals that end up harming the other party
Q2: Do you consider cyber crime as a threat?
31
2.1 2.2
Yes No
10 0
10 10 8 6 4 2 0 YES NO 0
INTERPRETATION: All the respondents no matter from any field of study unanimously agreed that cyber crime is a threat.
32
Q3. Please identify whether the following forms and means (1) occur frequently, (2) occur infrequently, or (3) have not occurred, by placing an “x” as appropriate in the following table: forms and means of cyber-crime Online identity theft (including phishing and online trafficking in false identity information) Hacking (illegal intrusion into computer systems; theft of information from computer systems) Malicious code (worms, viruses, malware and spyware) Illegal interception of computer data Online commission of intellectual property crimes Online trafficking in child pornography Intentional damage to computer systems or data Others Occur frequently Occur infrequently Has not occurred
3.1:Online identity theft:
0 4 6
3.1.1 Occur frequently 3.1.2 Occur infrequently 3.1.3 Has not occurred
6 4 0
33
3.2:Hacking:
3.2.1 Occur frequently 3.2.2 Occur infrequently 3.2.3 Has not occurred
8 2 0
2
0
8
3.3:Malicious code:
3.3.1 Occur frequently 3.3.2 Occur infrequently 3.3.3 Has not occurred
7 3
0
0
3
7
34
3.4: Illegal interception of computer data:
1 4
3.4.1 Occur frequently 3.4.2 Occur infrequently 3.4.3 Has not occurred
4 5 1
5
3.5: Online commission of intellectual property crimes:
3.5.1 Occur frequently 3.5.2 Occur infrequently 3.5.3 Has not occurred
0 6 4
0 4 6
3.6: Online trafficking in child pornography:
3
2 5
3.6.1 Occur frequently 3.6.2 Occur infrequently 3.6.3 Has not occurred
5 3 2
35
3.7: Intentional damage to computer systems or data:
1
3.7.1 Occur frequently 3.7.2 Occur infrequently 3.7.3 Has not occurred
3 6 1
6
3
B. In addition, to the above, if there are there any other forms and means of cyber-crime that have occurred (either frequently or infrequently) in your country, please identify them as well as the frequency with which they occur in the following table.
Interpretation:
36
The respondents were asked if there are any other forms of cyber crimes which they know of that wrere not identified in the A part of the questions , they gave the following answers, • • • • • Hacking pin codes Illegal acess of database Misuse of pictures Spamming through e-mail Using others profiles etc.
Q4
In what way do cyber crime effects you?
Interpretation:
This question was intended toward what effect cyber crime has on the particular field of the experts such as in the case of bankers, they face financial crimes through false debits and credits in computerized accounts. Also identity theft (credit card theft). Or in the case of software companies whose soft are pirated and sold for much less of their original cost. Similar is the case of movie and music industry.
Q5 Can you name any significant event that is considered as a cyber crime?
Interpretation:
37
Many experts named many significant events some of the most significant event which were identified are • • • Y2k Threat Launch of loveletter virus Denial pearl case ( these events have been defined in detail in the preliminary date gathering stage)
Q6
How do you counter it?
Interpretation:
The respondents were asked that how are they able to counter cyber crime the gave many suggestions such as we should not disclose any personal information to any one and especially to strangers. We should use Updated and latest anti-virus software should be used to protect the computer system against virus attacks. While chatting on the net one should avoid sending photographs to strangers along with personal data as it can be misused. Backup volumes of the data should always be kept to prevent loss from virus contamination. Children should be prevented from accessing obscene sites by the parents to protect them from spoiling their mind and career. A credit card number shall never be sent to an unsecured site to prevent fraud or cheating.
Q7
Can you identify any reason as to why cyber crime occur?
Interpretation:
38
The respondents were asked the reasons because of which more and more people are intending to commit cyber crime. The response was there are many reasons because of which people were intended to commit cyber some of the most common reason are • • • • • • • Greed Power Publicity Revenge Adventure Desire to access forbidden information Destructive mindset
Q8
What steps the government has taken?
Interpretation:
The resopondents that Pakistani security agency has launched a special wing to combat cyber crimes in part because the country had to rely on U.S. investigators to trace e-mails. The purpose of establishing the National Response Center for Cyber Crimes is to stop misuse of the Internet and trace those involved in cyber-related crimes.
Q9
Do you consider cyber crime not to be a threat with the implementation of government policies and increase in public awareness?
9.1 9.2
Yes No
1
9 1
9
Yes
No
39
Interpretation:
Most respondents believe that still cyber crime is a immanent threat even in the presence of tough government policies mainly due to the lack to proper implementation.
Q10 Do you want to add any thing to the policies of the government? Interpretation:
The respondents were asked whether they want to include something in the government policies which will decrease if not end cyber crimes.they suggested many solutions which are given at the last part of the report.
DEDUCTION
40
Question No. 2 from the questionnaire were selected to assist in the hypothesis testing.
Null Hypothesis:
“Cyber Crime is not a threat”
Alternate Hypothesis:
“Cyber Crime is a threat”
Result:
Since, the calculated value of chi-square is greater then critical value, so we reject the null hypothesis and hence we accept the alternative hypothesis.
41
Solutions of Cyber Crimes
The Information Technology Act 2000 was passed when the country was facing the problem of growing cyber crimes. Since the Internet is the medium for huge information and a large base of communications around the world, it is necessary to take certain precautions while operating it.
Solutions - the way ahead
The signs are that criminal abuse of computer networks is an increasing problem. There is a need for effective substantive and procedural laws coordinated at global, or at least at European level, to protect the victims of computer-related crime and to bring the offenders to justice. At international level various organisations have co-ordinated or harmonised activities against computer crime. One European Union initiative has concentrated on trying to ensure that minors will not be able to access harmful and illegal content carried over the Internet http://europa.eu.int/ISPO/topics/illegal The European Commission has produced a document on "Combating Computer-related Crime" (COM(2000)890) and it is available on the website: http://europa.eu.int/ISPO/eif/InternetPoliciesSite/Crime/CrimeComEN.pdf From the front lines, the call is for more of everything—more investigators, more funding and more attention from lawmakers and upper management. That call may finally be getting some attention. While obstacles remain, those involved in the cyber-crime fight say there are growing reasons for optimism. Law enforcement agencies are sharing information more often and more widely than ever before. Investigators are more experienced. And, for its part, the technology industry is working on a variety of products that address some fundamental issues behind common cyber-crimes. Evidence that this heightened diligence can turn the tide may be found in the battle against one of the most widespread and insidious forms of cyber-crime: phishing.
42
Through the clever use of company logos, verbatim text and links to convincing replicas of corporate Web sites, phishing scammers entice unsuspecting users to give up private information with appeals bearing titles such as "Problems with your account" and "Account security measures." Despite the pilfered graphics, the messages frequently contain obvious spelling and grammatical errors that can make them more easily identifiable as fakes. However, some of the messages simply ask recipients to follow an embedded link that takes them to an exact replica of the victim company's Web site, where they are then prompted to enter sensitive information. These sorts of attacks are far more difficult to sniff out, especially given that many of them use authentic-looking URLs. In March, there were 402 unique new phishing attacks, a 43 percent increase from the previous month, according to numbers compiled by the Anti-Phishing Working Group, an industry consortium that tracks phishing activity and comprises financial institutions, banks and vendors such as Pass Mark Security LLC, of Woodside, Calif., and Science Applications International Corp., of San Diego. The schemes are getting more sophisticated with attacks that plant Trojan horses and backdoors on users' PCs as soon as users open malicious e-mail messages. "[Phishers] are starting to work with crackers and virus writers. They're sharing code, using common techniques and taking advantage of vulnerabilities to drop something on the machines," said Dan Maier, director of product marketing at Tumbleweed Communications Corp., a provider of secure e-mail solutions based in Redwood City, Calif., and a member of the Anti-Phishing Working Group. "It's very sophisticated code," Maier said. Acknowledging the problem and taking a lead in the effort to thwart such scams, the Department of Justice in April issued a five-page report on phishing, warning consumers and laying out suggested defenses. The report followed similar efforts from the Office of the Comptroller of the Currency at the Federal Deposit Insurance Corp., which urged banks to increase monitoring of phishing-type activities and expand incident-response capabilities to deal with the spike in online fraud. Phishing has the attention of the private sector as well. One of the underlying problems that allow phishing to flourish is that it is hard to determine with any degree of certainty whether the Web site an unsuspecting victim visits is what it claims to be.
43
By using URL redirectors and other means of deceit, scammers can easily hide the true address of their malicious site and make it appear as legitimate as eBay.com or Amazon.com. Identrus LLC, a company that provides identity authentication services to banks and other financial institutions, is working on a solution to the problem. Identrus, whose customer base includes most major U.S. banks, plans to issue "institutional certificates" to its customers and enable those banks to offer client digital certificates to bank customers later this spring. The institutional certificates will allow the banks to prove their identities to their customers digitally and the customers to prove their identities to the banks digitally as well
The primary research concluded certain solutions in order to fight the cyber crimes:
• • • • • • •
Strict laws Should be Imposed for the criminal activities The rate of awareness should be raised about the laws and punishments Use of firewalls should be mandatory Use of anti virus software’s should be encouraged Special training should be given to the cyber police The use of routers at the macro level There must be a system for the IP scan check for the identification purposes.
44
CONCLUSION
• • •
The onus is on educational institutions to foster best practice in the use of information technology. Most computer crime is not detected and is difficult to quantify. It does seem to be a growing world-wide problem. It is clear that in the area of Information Technology new types of crime have emerged as well as the commission of traditional crimes by means of the new technologies.
• •
Although passing laws relating to the Internet is relatively easy, enforcement can be very hard. Perpetrators of computer crime usually exploit weakness in the systems either being used or attacked. Inadequate security procedures - physical, organisational and logical - continue to feature in the vast majority of examples of computer crime
• • • • •
The Pakistan cyber laws are not known to the majority of people and also been termed as inefficient. The most destructive cyber crime prevailing in Pakistan is cyber pornography and hardware viruses. The most obvious reasons of cyber crimes are greed, power, revenge, adventure and publicity. The consequences can be serious threats to the e-business. Communication sector and banking sector. The wide use of pornographic websites is heading to destroy our cultural values.
45
RECOMMENDATION
Any person who operates the net and being exposed to cyber crimes should always abide by and following principles: • • • • • • • • • • • • He should not disclose any personal information to any one and especially to strangers. Updated and latest anti-virus software should be used to protect the computer system against virus attacks. While chatting on the net one should avoid sending photographs to strangers along with personal data as it can be misused. Backup volumes of the data should always be kept to prevent loss from virus contamination. Children should be prevented from accessing obscene sites by the parents to protect them from spoiling their mind and career. A credit card number shall never be sent to an unsecured site to prevent fraud or cheating. Effort shall be made to make a security code and program to guard the computer system from misuse. Routers and firewalls can be used to protect the computer network. A check should be kept on the functioning of cyber cafes and any mishappening shall be reported to the concerned authorities. Efforts should be made to discourage misuse of computers and access to unauthorized data. Strict cyber laws should be formulated and implemented to fight against cyber criminals. A guide book of cyber crimes should be made available to common user for the awareness purpose.
46
REFRENCES
• • • • • • • •
Electronic Crime Unit to be set up The News, By A H Khanzada 5/12/2003 http://www.jang-group.com/thenews/may2003-daily/12-052003/metro/k3.htm FBI training FIA officers on cyber crime, By A Khan, Thursday, September 30, 2004,/www.dailytimes.com.pk/default.asp? date9/30/2004%208:02:35%20PM Information Technology Law Third edition - By Ian Lloyd, - Reed Elsevier (UK) Ltd 2000 Law and The Internet - Regulating Cyberspace, edited by Lillian Edwards and Charlotte Wealde, Oxford: Hart Publishing, 1997 Audit Commission Report 2001 - Your Business@Risk - an update on IT abuse 2001, ISBN 1862402892 Computer Security Institute - CSI/FBI Computer Crime and Security Survey, 2001 - http://www.gocsi.com/prelea/000321.html Harassment Law in the UK - Neil Addison at: http://www.harassmentlaw.co.uk/msindex.htm The European Union On-Line: - http://europa.eu.int/rapid/start/cgi/guesten.ksh? p_action.gettxt=gt&doc=IP/01/273|0|RAPID&lg=EN guesten.ksh?p_action.gettxt=gt&doc=IP/01/273|0|RAPID&lg=EN Council of Europe Publishing - http://conventions.coe.int/ BBC News - http://news.bbc.co.uk/ Cisco Systems, Inc. - http://www.cisco.com/ Siemens Communications Limited - http://www.siemenscomms.co.uk/ Her Majesty's Stationery Office - http://www.hmso.gov.uk/ The Copyright Licensing Agency Ltd - http://www.cla.co.uk/ The University of Texas System http://www.utsystem.edu/ogc/intellectualproperty/napster.htm Internet Watch Foundation - http://www.iwf.org.uk/ The Joint Information Systems Committee (JISC) - http://www.jisc.ac.uk/ University of Miami website- http://www.miami.muohio.edu/ University of Denver website - http://www.du.edu/ The Educational Institute of Scotland - (EIS) - http://www.eis.org.uk/ ZDNet technology - http://www.zdnet.com/ The International Organization for Standardization (ISO) http://www.iso.ch/ The National Hi-Tech Crime Unit http://www.nationalcrimesquad.police.uk/nhtuc/background.html A. Koryagin, Computer and internet technologies crimes: urgency and problems of fighting with them. - http://www.crime-research.ru/library/Koragin.html
•
47
• • • • •
V. Golubev, Investigating Computer crime / Monograph - Zaporozhye: University of Humanities “ZIGMU”, 2002 T. Tropina, Cyber criminality and terrorism, - http://www.crimeresearch.ru/library/Tropina.html. J. Baturin, A. Zhodzinski, Computer crimes and security - Moscow: Jurid. Lit, 1991, p. 18-34. B. Vehov, Computer crimes: ways of commitment and investigation methods – Moscow: 1996, p. 49-105 . V. Golubev, J. Urchenko, Computer information crimes: ways of commitment and protection – edited O. Snigeryov, V. Martuzaev – Zaporizhzhya: Pavel, 1998, p.45. V. Sergeev, Computer crimes in banking – Banking, 1997, #2, p.27-28. Rodionov, A. Kuznetzov, High-tech crimes investigating – Bulletin of the Ministry of Internal Affairs of Russian Federation, 1999, #6, p.67. V. Sergeev, Computer crimes in banking – Banking, 1997, #2, p.27-28
• • •
48
All the praise to Almighty Allah the most beneficent and merciful who gave us this opportunity to compile this research report. I am very thankful to course instructor Dr. Shabib ul Hasan who remained very cooperative and helpful throughout this work. He just did not make my concepts clear but gave me vivid direction and east path to compile this report. I hope that he will continue to guide me in this way in future. This report is the combination of lot of sincere hard work and dedication. This report is the result of valuable ideas and suggestions given by IT experts and MS students. They all were very cooperative and helpful through this research report. I am also very thankful to my class fellows who were very supportive to make the things easy, as it was very strenuous task. I will highly appreciate any suggestion for improvement in this report or any other queries regarding this report and its contents from everyone especially from my companions and well wishers. As nothing is perfect in this world and there is always a room for improvement.
2
PRELIMINARY DATA GATHERING
Table of Contents
Sr. No# 1 2 3 TOPICS Page No# 4 5 6 6 7 14 16 21 25 25 26 27 28 30 41 42 45 46 47
Abstract
Observation Preliminary data gathering • • • • Introduction Cyber Crime: An Overview Cyber Crimes In Developing & Developed Countries Cyber Crimes In Pakistan:
4 5 6 7 8 9 10 11 12 13 14 15
Literature Survey Problem Definition Theoretical Framework Relationships Among Variables Hypothesis Development Scientific Research Design Data Collection, Analysis And Interpretation Deduction Solutions Of Cyber Crimes Conclusion
Recommendation References
3
ABSTRACT
RESEARCH METHODOLOGY The first section of the report include the observation, objective of the research as to why we are doing this research, preliminary data gathered to have a clear knowledge of the following research, theoretical framework in which all the possible variables are defined along with this hypothesis is also generated in the form of statements, scientific research design which includes information about sampling and data collection procedures.
PRESENTATION AND ANALYSIS OF DATA This section extracts and displays all the data that was collected in the conclusive research and presents this in the form of close cross tabulations, graphs and pie charts to simplify interpretation. We have used Microsoft excel for the calculations.
RESEARCH RESULTS: This section includes the analysis of data ad draws results based on them. This includes basic research findings, conclusions and recommendation according to the data collected and analyzed.
4
OBSERVATION
The information infrastructure is increasingly under attack by cyber criminals. The number, cost, and sophistication of attacks are increasing at alarming rates. Worldwide aggregate annual damage from attacks is now measured in billions of U.S. dollars. Attacks threaten the substantial and growing reliance of commerce, governments, and the public upon the information infrastructure to conduct business, carry messages, and process information. Most significant attacks are transnational by design, with victims throughout the world. Measures thus far adopted by the private and public sectors have not provided an adequate level of security. While new methods of attack have been accurately predicted by experts and some large attacks have been detected in early stages, efforts to prevent or deter them have been largely unsuccessful, with increasingly damaging consequences. Information necessary to combat attacks has not been timely shared. Investigations have been slow and difficult to coordinate. Some attacks gets birth in Pakistan that lack adequate laws governing deliberate destructive conduct. Efforts shall be made to make a security code and program to guard the computer system from misuse, routers and firewalls can be used to protect the computer network. A check should be kept on the functioning of cyber cafes and any mishappening shall be reported to the concerned authorities. Strict cyber laws should be formulated and implemented to fight against cyber criminals.
5
PRELIMINARY DATA GATHERING
1. INTRODUCTION: Before evaluating the concept of cyber crime it is obvious that the concept of conventional crime be discussed and the points of similarity and deviance between both these forms may be discussed.
CONVENTIONAL CRIME:
Crime is a social and economic phenomenon and is as old as the human society. Crime is a legal concept and has the sanction of the law. Crime or an offence is a legal wrong that can be followed by criminal proceedings which may result into punishment. The hallmark of criminality is that, it is breach of the criminal law. Per Lord Atkin “the criminal quality of an act cannot be discovered by reference to any standard but one: is the act prohibited with penal consequences”. A crime may be said to be any conduct accompanied by act or omission prohibited by law and consequential breach of which is visited by penal consequences.
1.1 Background of Study
CYBER CRIME Cyber crime is the latest and perhaps the most complicated problem in the cyber world. Cyber crime may be said to be those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime. Per Lord Atkin “Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime” A generalized definition of cyber crime may be “unlawful acts wherein the computer is either a tool or target or both”. The computer may be used as a tool in the following kinds of activity- financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however be target for unlawful acts in the following casesunauthorized access to computer/ computer system/ computer networks, theft of
6
information contained in the electronic form, e-mail bombing, data didling, salami attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer system, physically damaging the computer system.
DISTINCTION BETWEEN CONVENTIONAL AND CYBER CRIME There is apparently no distinction between cyber and conventional crime. However on a deep introspection we may say that there exists a fine line of demarcation between the conventional and cyber crime, which is appreciable. The demarcation lies in the involvement of the medium in cases of cyber crime. The sine qua non for cyber crime is that there should be an involvement, at any stage, of the virtual cyber medium
2. Cyber Crime: An Overview
The growing danger from crimes committed against computers, or against information on computers, is beginning to claim attention in national capitals. In most countries around the world, however, existing laws are likely to be unenforceable against such crimes. This lack of legal protection means that businesses and governments must rely solely on technical measures to protect themselves from those who would steal, deny access to, or destroy valuable information.
2.1 Historical Background:
The first recorded cyber crime took place in the year 1820! That is not surprising considering the fact that the abacus, which is thought to be the earliest form of a computer, has been around since 3500 B.C. in India, Japan and China. The era of modern computers, however, began with the analytical engine of Charles Babbage. In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard's employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime! Today, computers have come a long way, what with neural networks and nanocomputing promising to turn every atom in a glass of water into a computer capable of performing a billion operations per second.
7
Cyber crime is an evil having its origin in the growing dependence on computers in modern life. In a day and age when everything from microwave ovens and refrigerators to nuclear power plants is being run on computers, cyber crime has assumed rather sinister implications.
2.2 Types of Cyber Crimes
Let us examine the acts wherein the computer is a tool for an unlawful act. This kind of activity usually involves a modification of a conventional crime by using computers. Some examples are:
Financial crimes
This would include cheating, credit card frauds, money laundering etc. Misappropriation of funds by manipulation of computer records was reported, wherein Punjab National Bank was cheated to the tune of Rs. 1.39 crores through false debits and credits in computerized accounts. In another case, Rs. 2.5 lakhs were misappropriated from Bank of Baroda through falsification of computerized bank accounts.
Sale of illegal articles:
This would include sale of narcotics, weapons and wildlife etc., by posting information on websites, auction websites, and bulletin boards or simply by using email communication. E.g. many of the auction sites even in India are believed to be selling cocaine in the name of ‘honey’.
Online gambling:
There are millions of websites; all hosted on servers abroad, that offer online gambling. In fact, it is believed that many of these websites are actually fronts for money laundering.
Intellectual Property crimes
These include software piracy, copyright infringement, trademarks violations, theft of computer source code etc.
Email spoofing
A spoofed email is one that appears to originate from one source but actually has been sent from another source. E.g. Faraz has an e-mail address [email protected]. Her enemy, Sameer spoofs her e-mail and sends obscene messages to all her acquaintances.
8
Since the e-mails appear to have originated from Faraz, her friends could take offence and relationships could be spoiled for life. Email spoofing can also cause monetary damage.
Forgery
Counterfeit currency notes, postage and revenue stamps, mark sheets etc can be forged using sophisticated computers, printers and scanners. Outside many colleges across Pakistan, one finds touts soliciting the sale of fake mark sheets or even certificates. These are made using computers, and high quality scanners and printers. In fact, this has becoming a booming business involving thousands of Rupees being given to student gangs in exchange for these bogus but authentic looking certificates.
Cyber Defamation:
This occurs when defamation takes place with the help of computers and / or the Internet. E.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information to all of that person’s friends.
Cyber stalking:
The Oxford dictionary defines stalking as “pursuing stealthily”. Cyber stalking involves following a person’s movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc. Now, let us examine some of the acts wherein the computer is the target for an unlawful act. It may be noted that in these activities the computer may also be a tool. This kind of activity usually involves sophisticated crimes usually out of the purview of conventional criminal law. Some examples are:
Unauthorized access to computer systems or networks:
This activity is commonly referred to as hacking. An active hackers’ group, led by one “Dr. Nuker”, who claims to be the founder of Pakistan Hackers Club, reportedly hacked the websites of the Indian Parliament, Ahmedabad Telephone Exchange, Engineering Export Promotion Council, and United Nations (India).
Theft of information contained in electronic form
This includes information stored in computer hard disks, removable storage media etc.
9
Data diddling
This kind of an attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed. Electricity Boards in Pakistan have been victims to data diddling programs inserted when private parties were computerizing their systems.
Salami attacks
These attacks are used for the commission of financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed. E.g. a bank employee inserts a program, into the bank’s servers, that deducts a small amount of money (say Rs. 5 a month) from the account of every customer. No account holder will probably notice this unauthorized debit, but the bank employee will make a sizeable amount of money every month.
Denial of Service attack
This involves flooding a computer resource with more requests than it can handle. This causes the resource (e.g. a web server) to crash thereby denying authorized users the service offered by the resource. Another variation to a typical denial of service attack is known as a Distributed Denial of Service (DDoS) attack wherein the perpetrators are many and are geographically widespread. It is very difficult to control such attacks. The attack is initiated by sending excessive demands to the victim’s computer(s), exceeding the limit that the victim’s servers can support and making the servers crash. Denial-of-service attacks have had an impressive history having, in the past, brought down websites like Amazon, CNN, Yahoo and eBay!
Virus / worm attacks
Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it. Worms, unlike viruses do not need the host to attach themselves to. They merely make functional copies of themselves and do this repeatedly till they eat up all the available space on a computer’s memory. The VBS_LOVELETTER virus (better known as the Love Bug or the ILOVEYOU virus) was reportedly written by a Filipino undergraduate.
Logic bombs
These are event dependent programs. This implies that these programs are created to do something only when a certain event (known as a trigger event) occurs. E.g. even some viruses may be termed logic bombs because they lie dormant all through the year and become active only on a particular date (like the Chernobyl virus).
10
Trojan attacks
A Trojan as this program is aptly called is an unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing. There are many simple ways of installing a Trojan in someone’s computer.
Internet time theft
This connotes the usage by an unauthorized person of the Internet hours paid for by another person.
Web jacking
This occurs when someone forcefully takes control of a website (by cracking the password and later changing it). The actual owner of the website does not have any more control over what appears on that website.
Theft of computer system
This type of offence involves the theft of a computer, some part(s) of a computer or a peripheral attached to the computer.
Physically damaging a computer system
This crime is committed by physically damaging a computer or its peripherals.
TOOLS AND TECHNIQUES OF CYBER CRIME
Unauthorized Access
“Access” is defined in Section 2(1) (a) of the Information Technology Act as “Gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network”. Unauthorized access would therefore mean any kind of access without the permission of either the rightful owner or the person in charge of a computer, computer system or computer network. Thus not only would accessing a server by cracking its password authentication system be unauthorized access, switching on a computer system without the permission of the person in charge of such a computer system would also be unauthorized access. Packet sniffing, tempest attack, password cracking and buffer overflow are common techniques used for unauthorized access.
11
Viruses
A computer virus is a computer program that can infect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of it. Note that a program does not have to perform outright damage (such as deleting or corrupting files) in order to be called a "virus".
2.3 Email related crime
Email has fast emerged as the world’s most preferred form of communication. Billions of email messages traverse the globe daily. Like any other form of communication, email is also misused by criminal elements. The ease, speed and relative anonymity of email has made it a powerful tool for criminals. Some of the major email related crimes are: 1. Email spoofing 2.Sending malicious codes through email 3.Emailbombing 4. Sending threatening emails 5. Defamatory emails 6. Email frauds
1. Email spoofing
A spoofed email is one that appears to originate from one source but has actually emerged from another source. Email spoofing is usually done by falsifying the name and / or email address of the originator of the email. Usually to send an email the sender has to enter the following information: i. Email address of the receiver of the email ii. Email address(es) of the person(s) who will receive a copy of the email (referred to as CC for carbon copy) iii. Email address(es) of the person(s) who will receive a copy of the email (referred to as CC for carbon copy, but whose identities will not be known to the other recipients of the e-mail (known as BCC for blind carbon copy) iv. Subject of the message (a short title / description of the message) v. Message Certain web-based email services like www.SendFakeMail.com, offer a facility wherein in addition to the above, a sender can also enter the email address of the purported sender of the email.
12
2. Spreading Trojans, viruses and worms
Emails are often the fastest and easiest ways to propagate malicious code over the Internet. The Love Bug virus, for instance, reached millions of computers within 36 hours of its release from the Philippines thanks to email. Hackers often bind Trojans, viruses, worms and other computer contaminants with egreeting cards and then email them to unsuspecting persons. Such contaminants can also be bound with software that appears to be an anti-virus patch. E.g. a person receives an email from [email protected] (this is a spoofed email but the victim does not know this). The email informs him that the attachment contained with the email is a security patch that must be downloaded to detect a certain new virus. Most unsuspecting users would succumb to such an email (if they are using a registered copy of the McAffee anti-virus software) and would download the attachment, which actually could be a Trojan or a virus itself!
3. Email bombing
Email bombing refers to sending a large number of emails to the victim resulting in the victim’s email account (in case of an individual) or servers (in case of a company or an email service provider) crashing. A simple way of achieving this would be to subscribe the victim’s email address to a large number of mailing lists. Mailing lists are special interest groups that share and exchange information on a common topic of interest with one another via email. Mailing lists are very popular and can generate a lot of daily email traffic – depending upon the mailing list. Some generate only a few messages per day others generate hundreds. If a person has been unknowingly subscribed to hundreds of mailing lists, his incoming email traffic will be too large and his service provider will probably delete his account. The simplest email bomb is an ordinary email account. All that one has to do is compose a message, enter the email address of the victim multiple times in the “To” field, and press the “Send” button many times. Writing the email address 25 times and pressing the “Send” button just 50 times (it will take less than a minute) will send 1250 email messages to the victim! If a group of 10 people do this for an hour, the result would be 750,000 emails! There are several hacking tools available to automate the process of email bombing. These tools send multiple emails from many different email servers, which make it very difficult, for the victim to protect himself.
13
4. Threatening emails
Email is a useful tool for technology savvy criminals thanks to the relative anonymity offered by it. It becomes fairly easy for anyone with even a basic knowledge of computers to become a blackmailer by threatening someone via e-mail.
5. Defamatory emails
As has been discussed earlier cyber-defamation or even cyber-slander as it is called can prove to be very harmful and even fatal to the people who have been made its victims.
6. Email Frauds
Email spoofing is very often used to commit financial crimes. It becomes a simple thing not just to assume someone else’s identity but also to hide one’s own. The person committing the crime understands that there is very little chance of his actually being identified.
3. Cyber Crimes in Developing & Developed Countries
A comparative analysis of cyber crimes in developing & developed countries. G8 wages war on cyber crime is described below where as for the study of the developing countries I have taken India, China, and Bangladesh into consideration.
3.1 Cyber Crimes in Developed Countries
G8 wages war on cyber-crime
Ministers from the eight major industrialized nations, the G8, have agreed on a plan to fight international computer crime. The move follows a meeting in Washington of the interior and justice ministers of Britain, Canada, France, Germany, Italy, Japan, Russia and the United States. The US Attorney-General, Janet Reno, said criminals were no longer restricted by national boundaries and all countries had to act together if they wanted to combat cybercrime. "With emerging technologies, no longer will we have to fight 21st century crimes with 19th century tools," she said. "Today is an important day in fighting computer crime, and in laying the groundwork for the next century of crime fighting."
14
The agreement aims to tackle the following forms of cyber crime:
• • • • •
pedophilia drug-trafficking money-laundering electronic fraud such as theft of credit card numbers, money-laundering and computerized piracy industrial and state espionage
The most important measure to tackle these offences is a commitment to train law enforcement officials in the tools of the cyber trade, and to co-ordinate prosecution efforts so that countries know where to try a cyber criminal. Ministers also pledged to create a 24-hour-a-day contact service to help national police forces respond quickly and in a concerted manner to fast-moving cyber-criminals. Other measures in the ten-point action plan include judicial co-operation and agreements on extradition, hastening the progress of mutual agreements, speeding up communication, provision of standards for secure telecommunications and developing forensic standards for retrieving electronic data .
3.2 Cyber Crimes in Developing Countries
I have taken India, China, and Bangladesh to study the cyber crimes in these developing countries.
India: Cyber Crimes
India has recently launched a computer crime research centre to control the rate of cyber crimes. The crimes have however gained momentum in India only in the recent past. As an upshot, the Indian Parliament gave effect to a resolution of the General Assembly of the United Nations for adoption of a Model Law on Electronic Commerce. The consequence was the passing of Information Technology Act 2000. The Act aims to regulate and legalize E-Commerce and take cognizance of offences arising there from.
In India the following types of cyber crimes exist and are increasing at a rapid pace namely: financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The computer may however be target for unlawful acts in the following casesunauthorized access to computer/ computer system/ computer networks, theft of information contained in the electronic form, e-mail bombing, data didling, salami
15
attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer system, physically damaging the computer system.
4. Cyber Crimes in Pakistan:
The primary research based on the 20 sample study of the IT experts, found that currently the rate of the cyber crimes in Pakistan is not that much high as comparison to USA or other developed countries. Research found that the common types of cyber crimes which exist in Pakistan are stated as follows: 1. Financial crimes 2. Cyber pornography 3. Sale of illegal articles 4. Online gambling 5. Intellectual Property crimes 6. Email spoofing 7. Cyber stalking 8. Forgery 9. Unauthorized Access to computer systems\networks 10. Theft of information contained in electronic form 11. Virus\ Worm Attacks 12. Logic Bombs 13. Trojan Attacks 14. Internet Time theft 15. Password Cracking 16. Buffer Overflow
4.1 Internet use is not widespread in Pakistan
The Internet is not widespread in Pakistan and is moving at a slow and irregular pace, said the French Reporters sans frontières (Reporters Without Borders) organisation in its second annual report (2003) on cyberspace titled “The Internet under Surveillance: Obstacles to the free flow of information online”.The RSF is a Paris-based watchdog that defends imprisoned journalists and press freedom throughout the world, and protects the public’s right to be informed in accordance with Article 19 of the Universal Declaration of Human Rights. The report says the Internet is the bane of all dictatorial regimes, but even in democracies such as the United States, Britain and France, new anti-terrorism laws have tightened government control of it and undermined the principle of protecting journalistic sources. The report is about attitudes towards the Internet by the powerful in 60 countries, between spring 2001 and spring 2003. The preface is by Vinton G Cerf, often called the ‘father’ of the Internet.
16
The number of Internet users in China, the report says, doubles every six months and the number of Chinese websites doubles every year. But this dizzying expansion of cyberspace is matched by government efforts to control, censor and repress it with harsh laws, jailing cyber-dissidents, blocking access to websites, spying on discussion forums and shutting down cyber cafés. Regarding Pakistan, the reports said, there are around 500,000 using the services of privately owned ISPs. The Internet is not yet widespread and is still mainly accessed through cyber cafés. It does not seem to be heavily censored. But the Daniel Pearl kidnapping and murder case showed how extremists could use it. The military regime has made every effort to block access to a US-based investigative journalism website. With only a half a million Internet users, Pakistan is quite behind in new information technology. This is mainly because of the country’s large size and low level of economic development, including only a few million private phone lines, mostly in big cities. General Pervez Musharraf’s government appears to favour its growth, even though on the day he seized power, 12 October 1999, the army cut off all Internet connections for several hours, and in July 2002, the Pakistan Telecommunications Authority (PTA) tried to force cyber cafés owners to record the names of their customers. The report says, “Gen Musharraf says his government has invested more than 100 million euros in communications and sharply reduced the cost of connections and services since 1999. Pakistan has since launched a programme to boost digital technology, the information technology with an efficient telecom policy.”Slow and difficult development: The new policy has led the government to cut Internet connection costs and invest in telecommunications infrastructure, while putting the Internet under the direct supervision of the PTA. The state’s monopoly in the sector ended in December 2001 but big Internet operators such as AOL are reluctant to invest in a country where scant profits are to be made. For the time being, Pakistanis are enthusiastically using cyber cafés, which are everywhere in the cities. In Peshawar, a new one opens nearly every day. The Pakistan Telecommunication Company (PTCL) announced on April 2, 2003 that 400 new sites with “indecent” content had been added to an earlier list of 100 banned websites and asked Internet operators to block access to them. ISPs said the move would slow down Internet access. A senior PTCL official, Zahir Khan, said on April 6, 2003, that access to nearly 1,800 pornographic sites had been banned and that the PTCL was thinking of importing software to make it easier to do. Also targeted were “anti- Islamic” and “blasphemous” sites. The PTCL admitted the blocking would temporarily slow down Internet navigation but said it was necessary because of what it called ‘the great threat to society’ from such sites. Mairaj-ul-Huda, a leader of the Jamaat-e-Islami party, welcomed the moves and said the electronic media had to be reformed to bring them in line with the country’s culture and religion so that young people would not be tempted by such evil. Pak-India cyber war: The Pakistani government set up a special inter-ministerial committee in May 2003 to counter increasing attacks on government websites by Indian
17
hackers who were making them inaccessible. Information technology minister Awais Ahmad Khan Leghari said that if the attackers were identified, the government would take the matter to the relevant international authorities to seek punishment for them. The previous month, he had said the government was thinking of hiring its own hackers to fight the Indian attacks.
4.2 Electronics Crimes Unit
An Electronics Crimes Unit (ECU) will be established soon in Sindh Police Department to deal with the cyber and electronics crimes. The Inspector General of Police (IGP) Sindh, Syed Kamal Shah Has issued orders to this effect, without taking any proper Arrangement, sources disclosed. Electronics and cyber crimes are the yield of high tech-era, which must be dealt with the same sort of expertise and sophistication, to unearth crimes, fix the responsibilities, and to make headway. It is Very necessary for persons who are investigating the cases of Electronics and cyber crimes that they should know each and every Technicality of the subject like an expert. Sindh police chief's order for setting-up the ECU, appears a mere lip-service. Without cyber cops, cyber judges, cyber advocates, etc one wonders how cyber criminals would be arrested, and how investigations would be conducted to nab the accused persons. It has yet to be decided who would conduct hearing of cyber crime cases and who would be competent to decide them, or whether the person implicated is indeed involved in the crime or not. Reports indicate that in the history of Pakistan, there had been only three cases of cyber crime reported so far. two of these cases were investigated by the defunct Crimes Branch of Sindh Police, and the third one was a very high profile case, in which a US journalist Daniel Pearl was reportedly kidnapped and later assassinated by unknown persons. Later, some accused persons including a British national were arrested in this case as their involvement was detected purely through high-tech means. Although the case of the US journalist Daniel Pearl was decided by the learned court, the persons who had been implicated in the crime earlier by the police through cyber means, were the same who were sentenced by the court. If any investigator were to look deeply into these cases he would see on technical grounds that the evidences gathered by the police investigators in the Daniel Pearl case were not sufficient enough to fix the responsibilities on the accused persons.
18
Technical evidences must be examined in the light of Articles 6 and 7 of the Evidence Act, under which condition a question would be raised whether the evidences presented before the court in the Daniel Pearl case were justified or not. It might be the government policy, but it remains a fact that gathering and presentation and acceptance of evidences were not smooth and transparent. Clearly, the police officials who investigated the crime were not bearing any expertise to deal with cyber crimes at all. Whatever the learned court had decided is acceptable to all but one question remains very pertinent about the validity of the investigation itself which had been carried out without properly-trained officials, who were certainly not cyber cops in this case. Moreover, the court which examined the case was not presided by a cyber judge, which was Certainly a need of the case. It should be recalled here that so far no legislation had been enacted in the country to deal with cases of cyber crimes. It is also worth mentioning here that few multinational banks operating in Pakistan had offered their services time and again to the high police officials for training and provision of the equipment required to deal with the cyber crimes. More than half a dozen meetings in this Connections were held with the former IGP Aftab Nabi, but they yielded no result. Sources close to fraud control units of the different multinational banks disclosed that they had also approached the IGP Syed Kamal Shah, but to no avail. Now, the orders for establishing the ECU were given in writing by none other than the IGP Sindh himself to his subordinates who are undergoing the course of proper formalities, but their implementation has yet to materialise.
19
4.3 Pakistan sets up cyber crime wing
ISLAMABAD, Pakistan (AP) -- A Pakistani security agency has launched a special wing to combat cyber crimes in part because the country had to rely on U.S. investigators to trace e-mails sent by the kidnappers of American journalist Daniel Pearl a year ago. "The purpose of establishing the National Response Center for Cyber Crimes is to stop misuse of the Internet and trace those involved in cyber-related crimes," Iftikhar Ahmad, spokesman for Pakistan's Interior Ministry, told The Associated Press on Wednesday. "The importance of this special wing was felt when Daniel Pearl was kidnapped, and his captors started sending e-mails to newspapers," he said. The Wall Street Journal correspondent disappeared on January 23, 2002 from Pakistan's southern city of Karachi. On January 27, 2002, the Journal and other media received an e-mail from a group calling itself the National Movement for the Restoration of Pakistani Sovereignty. The email contained a photo of Pearl, 38, with a gun to his head. The FBI traced the e-mails, and police captured those who allegedly sent them to the newspapers, but, on February 21, 2002, the U.S. Embassy received a videotape showing Pearl was dead. "The National Response Center for Cyber Crimes will play a key role in the days to come in tracing those terrorists who often use the Internet or prepaid telephone cards to communicate messages to their associates for carrying out acts of terrorism and other purposes," Ahmad said. The special wing has been established at the headquarters of an intelligence agency in Islamabad, Pakistan's capital.
20
Literature Survey
The short reviews to the literature we have gone through are given below:
Article no.1
http://en.wikipedia.org/wiki/Cybercrime An international legal definition is cybercrime that is used by most of the countries in Europe and North America as well as South Africa and Japan was agree in the Convention on Cybercrime that entered into force on 1 July 2004. Although the term cybercrime is usually restricted to describing criminal activity in which the computer or network is an essential part of the crime, this term is also used to include traditional crimes in which computers or networks are used to enable the illicit activity. Examples of cybercrime which the computer or network is a tool of the criminal activity include spamming and criminal copyright crimes, particularly those facilitated through peer-to-peer networks. Examples of cybercrime in which the computer or network is a target of criminal activity include unauthorized access (i.e, defeating access controls), malicious code, and denial-of-service attacks. Examples of cybercrime in which the computer or network is a place of criminal activity include theft of service (in particular, telecom fraud) and certain financial frauds. Finally, examples of traditional crimes facilitated through the use of computers or networks include Nigerian 419 or other gullibility or social engineering frauds (e.g., hacking "phishing", identity theft, child pornography, online gambling, securities fraud, etc.). Cyberstalking is an example of a traditional crime -- harassment -- that has taken a new form when facilitated through computer networks. Additionally, certain other information crimes, including trade secret theft and industrial or economic espionage, are sometimes considered cybercrimes when computers or networks are involved. Cybercrime in the context of national security may involve hacktivism (online activity intended to influence policy), traditional espionage, or information warfare and related activities. One of the recent researches showed that a new cybercrime is being registered every 10 seconds in Britain. During 2006 the computer crooks were able to strike 3.24 million times. Some crimes performed on-line even surpassed their equivalents in real world. In addition, experts believe that about 90% of cybercrimes stay unreported.
21
According to a study performed by Shirley McGuire, a specialist in psychology of the University of San Francisco, the majority of teenagers who hack and invade computer systems are doing it for fun rather than with the aim of causing harm. Shirley McGuire mentioned that quite often parents cannot understand the motivation of the teenage hackers. She performed an anonymous experiment, questioning more than 4,800 students in the area of San Diego. Her results were presented at the American Psychological Association conference: 38% of teenagers were involved in software piracy; 18% of all youngsters confessed of entering and using the information stored on other personal computer or website; 13% of all the participants mentioned they performed changes in computer systems or computer files. The studies revealed that only 1 out of 10 hackers were interested in causing certain harm or earn money. Most teenagers performed illegal computer actions of curiosity, to experience excitement. Many cyber police is getting more complaints about Orkut these days as many fake profiles being created and thus leads to crime.
Write up # 1
There is the new crime of cracking, invading, or snooping into other people or organizations’ computer systems. Opinions differed as to whether merely looking was a crime, especially since earlier hackers often detected security flaws and felt they were being upstanding public citizens in reporting them. Clearly entering a system with criminal intent is another matter. Then there are situations where the crime is old but the system is new, such as Internet fraud scams. Marketing fraud has been around for millennia, telephone scams have been around for decades, and now we have Internet scams. The same is true for pornography and copyright fraud. The third element is about investigation, where the computer serves as a repository of evidence, necessary for successful prosecution of whatever crime is being transacted. What used to be recorded in paper records is unlikely to be recorded except digitally now, and can be destroyed or encrypted remotely.
22
Article # 2: www.wired.com Pakistan Creates Cyber Crime Wing ISLAMABAD, Pakistan --A Pakistani security agency has launched a special wing to combat cyber crimes in part because the country had to rely on U.S. investigators to trace e-mails sent by the kidnappers of American journalist Daniel Pearl a year ago. "The purpose of establishing the National Response Center for Cyber Crimes is to stop misuse of the Internet and trace those involved in cyber-related crimes," Iftikhar Ahmad, spokesman for Pakistan's Interior Ministry, told the Associated Press on Wednesday. "The importance of this special wing was felt when Daniel Pearl was kidnapped, and his captors started sending e-mails to newspapers," he said. The Wall Street Journal correspondent disappeared on Jan. 23, 2002, from Pakistan's southern city of Karachi. On Jan. 27, 2002, the Journal and other media received an e-mail from a group calling itself the National Movement for the Restoration of Pakistani Sovereignty. The e-mail contained a photo of Pearl, 38, with a gun to his head. The FBI traced the e-mails, and police captured those who allegedly sent them to the newspapers, but, on Feb. 21, 2002, the U.S. Embassy received a videotape showing Pearl was dead. "The National Response Center for Cyber Crimes will play a key role in the days to come in tracing those terrorists who often use the Internet or prepaid telephone cards to communicate messages to their associates for carrying out acts of terrorism and other purposes," Ahmad said. The special wing has been established at the headquarters of an intelligence agency in Islamabad, Pakistan's capital
23
Write up # 5: The Internet is not yet widespread in Pakistan and is moving at a slow and irregular pace, said the French Reporters sans frontier organisation in its second annual report (2003) on cyberspace titled “The Internet under Surveillance: Obstacles to the free flow of information online”.The RSF is a Paris-based watchdog that defends imprisoned journalists and press freedom throughout the world, and protects the public’s right to be informed in accordance with Article 19 of the Universal Declaration of Human Rights. Regarding Pakistan, there are around 500,000 using the services of privately owned ISPs. The Internet is not yet widespread and is still mainly accessed through cyber cafés. It does not seem to be heavily censored. But the Daniel Pearl kidnapping and murder case showed how extremists could use it. The military regime has made every effort to block access to a US-based investigative journalism website. Thus forcing the authorities to establish a cyber crime wing.
24
PROBLEM DEFINITION Statement of Problem
Lots of the people of Pakistan even don’t know exactly what the cyber crime is all about? Even many of us commit cyber crimes by doing fun at the net and we don’t even think of the punishments because we don’t have the knowledge of the cyber laws. We will be researching on:
“Cyber Crimes in Pakistan”
We will be researching in depth in order to find out that: Why cyber crimes exist? What are the consequences of cyber crimes? What are the solutions to get rid of the cyber crimes?
THEORETICAL FRAMEWORK
After the preliminary data gathering and the problem statement, the next step is to examine the critical variables and developing a Theoretical Framework. The critical variables in our study are:
DEPENDENT VARIABLE:
• Cyber Crimes
25
INDEPENDENT VARAIBLES:
1. 2. 3. 4. 5. 6. 7. Greed Power Publicity Revenge Adventure Desire to access forbidden information Destructive mindset
MODERATING VARIABLE:
1. security services 2. awareness
INTERVENING VARIABLES:
• Government Policies
RELATIONSHIPS AMONG VARIABLES INDEPENDENT-DEPENDENT VARIABLE RELATIONSHIP
Here, our dependent variable is cyber crimes. Since frequency of cyber attacks can vary, it can be positive, neutral or negative, therefore it is a variable, and because it is our subject of interest, it is the Dependent variable. The independent variables in our study are Greed, Power, Publicity, Revenge, Adventure, Desire to access forbidden information, Destructive mindset. cyber crime (dependent variable) is influenced by all these independent variables. There is a positive relationship between these independent variables and the dependent variable.
26
INDEPENDENT-DEPENDENT VARIABLE RELATIONSHIP ALONGWITH THE MODERATING VARIABLE:
Here, security services and the awareness is the moderating variable as it has a strong contingent effect on the independent variable-dependent variable relationship. The relationship in any of the independent-dependent variable may change if these factors change.
INTERVENING VARIABLE IN INDEPENDENT-DEPENDENT VARIABLE RELATIONSHIP:
The Government policies and efforts surfacing at time t2, when the independent variables were in place at time t1 till their effect is felt on the dependent variable at time t3. The effective the efforts of the government the larger it will effect the relationship between the Independent factors and the dependent factor
HYPOTHESIS DEVELOPMENT Null Hypothesis:
“Cyber crime is not a threat”.
Alternate Hypothesis:
“Cyber crime is a threat”.
If the first hypothesis comes true it will verify that though there is positive relationship between dependent and independent variables due to various government policies cyber crime is not a threat any more .
27
Else, the second option will show that cyber crime is a threat to everyone as government and private policies and measure have decreased it but still is a viable factor.
SCIENTIFIC RESEARCH DESIGN
Under scientific research design we’ll take a look at following titles, which gives us the details of the study.
• • • • • • •
Purpose of the study Types of investigation Extend of researchers interference Study Setting Units of Analysis Sampling Design Time horizon
PURPOSE OF THE STUDY:
Our Study is of hypothesis testing nature .Where are we interested in determining the nature of certain relationship that is, relationship between our dependent and independent variable with in the presence of our intervening and moderating variable.
28
TYPES OF INVESIGATION:
Our study is Co-relational study in nature as in this research we are interested in finding the explanations to different relationships.
EXTENT OF RESEARCHER’S INTERFERNCE:
While conducting this research our participation in investigation was minimal and the entire research work was conducted with in normal setting
STUDY SETTING:
We have conducted this research with in non-contrived setting that is neither any variable was manipulated nor controlled. As our study is co-relational normal settings are chosen for research work
UNIT OF ANALYSIS:
Our unit of analysis is individuals. We have selected 20 individuals who are IT experts or IT students from various organizations and institutions.
29
SAMPING DESIGN:
We have selected 10 individuals randomly as over Sample.
TIME HORIZON:
We have collected the data and have conducted the research at one point in time hence our research work is cross-sectional in nature.
DATA COLLECTION, ANALYSIS AND INTERPRETATION DATA COLLECTION:
I have collected the data relating to the research work of ours from, preliminary data and structured interviews.
SECONDARY DATA COLLECTION:
I have collected the secondary data from websites & have also consulted articles in different IT related websites and magazines.
30
PRIMARY DATA COLLECTION:
I have collected the primary data through structured interviews.
Structured interviews:
I have made a structured interview having the combination of open ended and close ended questions. This constitutes 10 questions in which 2 are close ended questions while 8 of open ended nature. The list of questions is given on next page.
Q1: How would you define Cyber Crime?
Interpretation:
This question was basically put forward to understand how “Cyber Crime” was precieved by different experts. Even though the term does not change its meaning from one place to another but the way in which people define it as per the field of study which they are a part of have a significant effect on the way they define cyber crime. This is evident the minutes of the interview attached with the report. But one thing was common all the respondents that they recognized cybercrimes as a misuse of information technology to achieve on own goals that end up harming the other party
Q2: Do you consider cyber crime as a threat?
31
2.1 2.2
Yes No
10 0
10 10 8 6 4 2 0 YES NO 0
INTERPRETATION: All the respondents no matter from any field of study unanimously agreed that cyber crime is a threat.
32
Q3. Please identify whether the following forms and means (1) occur frequently, (2) occur infrequently, or (3) have not occurred, by placing an “x” as appropriate in the following table: forms and means of cyber-crime Online identity theft (including phishing and online trafficking in false identity information) Hacking (illegal intrusion into computer systems; theft of information from computer systems) Malicious code (worms, viruses, malware and spyware) Illegal interception of computer data Online commission of intellectual property crimes Online trafficking in child pornography Intentional damage to computer systems or data Others Occur frequently Occur infrequently Has not occurred
3.1:Online identity theft:
0 4 6
3.1.1 Occur frequently 3.1.2 Occur infrequently 3.1.3 Has not occurred
6 4 0
33
3.2:Hacking:
3.2.1 Occur frequently 3.2.2 Occur infrequently 3.2.3 Has not occurred
8 2 0
2
0
8
3.3:Malicious code:
3.3.1 Occur frequently 3.3.2 Occur infrequently 3.3.3 Has not occurred
7 3
0
0
3
7
34
3.4: Illegal interception of computer data:
1 4
3.4.1 Occur frequently 3.4.2 Occur infrequently 3.4.3 Has not occurred
4 5 1
5
3.5: Online commission of intellectual property crimes:
3.5.1 Occur frequently 3.5.2 Occur infrequently 3.5.3 Has not occurred
0 6 4
0 4 6
3.6: Online trafficking in child pornography:
3
2 5
3.6.1 Occur frequently 3.6.2 Occur infrequently 3.6.3 Has not occurred
5 3 2
35
3.7: Intentional damage to computer systems or data:
1
3.7.1 Occur frequently 3.7.2 Occur infrequently 3.7.3 Has not occurred
3 6 1
6
3
B. In addition, to the above, if there are there any other forms and means of cyber-crime that have occurred (either frequently or infrequently) in your country, please identify them as well as the frequency with which they occur in the following table.
Interpretation:
36
The respondents were asked if there are any other forms of cyber crimes which they know of that wrere not identified in the A part of the questions , they gave the following answers, • • • • • Hacking pin codes Illegal acess of database Misuse of pictures Spamming through e-mail Using others profiles etc.
Q4
In what way do cyber crime effects you?
Interpretation:
This question was intended toward what effect cyber crime has on the particular field of the experts such as in the case of bankers, they face financial crimes through false debits and credits in computerized accounts. Also identity theft (credit card theft). Or in the case of software companies whose soft are pirated and sold for much less of their original cost. Similar is the case of movie and music industry.
Q5 Can you name any significant event that is considered as a cyber crime?
Interpretation:
37
Many experts named many significant events some of the most significant event which were identified are • • • Y2k Threat Launch of loveletter virus Denial pearl case ( these events have been defined in detail in the preliminary date gathering stage)
Q6
How do you counter it?
Interpretation:
The respondents were asked that how are they able to counter cyber crime the gave many suggestions such as we should not disclose any personal information to any one and especially to strangers. We should use Updated and latest anti-virus software should be used to protect the computer system against virus attacks. While chatting on the net one should avoid sending photographs to strangers along with personal data as it can be misused. Backup volumes of the data should always be kept to prevent loss from virus contamination. Children should be prevented from accessing obscene sites by the parents to protect them from spoiling their mind and career. A credit card number shall never be sent to an unsecured site to prevent fraud or cheating.
Q7
Can you identify any reason as to why cyber crime occur?
Interpretation:
38
The respondents were asked the reasons because of which more and more people are intending to commit cyber crime. The response was there are many reasons because of which people were intended to commit cyber some of the most common reason are • • • • • • • Greed Power Publicity Revenge Adventure Desire to access forbidden information Destructive mindset
Q8
What steps the government has taken?
Interpretation:
The resopondents that Pakistani security agency has launched a special wing to combat cyber crimes in part because the country had to rely on U.S. investigators to trace e-mails. The purpose of establishing the National Response Center for Cyber Crimes is to stop misuse of the Internet and trace those involved in cyber-related crimes.
Q9
Do you consider cyber crime not to be a threat with the implementation of government policies and increase in public awareness?
9.1 9.2
Yes No
1
9 1
9
Yes
No
39
Interpretation:
Most respondents believe that still cyber crime is a immanent threat even in the presence of tough government policies mainly due to the lack to proper implementation.
Q10 Do you want to add any thing to the policies of the government? Interpretation:
The respondents were asked whether they want to include something in the government policies which will decrease if not end cyber crimes.they suggested many solutions which are given at the last part of the report.
DEDUCTION
40
Question No. 2 from the questionnaire were selected to assist in the hypothesis testing.
Null Hypothesis:
“Cyber Crime is not a threat”
Alternate Hypothesis:
“Cyber Crime is a threat”
Result:
Since, the calculated value of chi-square is greater then critical value, so we reject the null hypothesis and hence we accept the alternative hypothesis.
41
Solutions of Cyber Crimes
The Information Technology Act 2000 was passed when the country was facing the problem of growing cyber crimes. Since the Internet is the medium for huge information and a large base of communications around the world, it is necessary to take certain precautions while operating it.
Solutions - the way ahead
The signs are that criminal abuse of computer networks is an increasing problem. There is a need for effective substantive and procedural laws coordinated at global, or at least at European level, to protect the victims of computer-related crime and to bring the offenders to justice. At international level various organisations have co-ordinated or harmonised activities against computer crime. One European Union initiative has concentrated on trying to ensure that minors will not be able to access harmful and illegal content carried over the Internet http://europa.eu.int/ISPO/topics/illegal The European Commission has produced a document on "Combating Computer-related Crime" (COM(2000)890) and it is available on the website: http://europa.eu.int/ISPO/eif/InternetPoliciesSite/Crime/CrimeComEN.pdf From the front lines, the call is for more of everything—more investigators, more funding and more attention from lawmakers and upper management. That call may finally be getting some attention. While obstacles remain, those involved in the cyber-crime fight say there are growing reasons for optimism. Law enforcement agencies are sharing information more often and more widely than ever before. Investigators are more experienced. And, for its part, the technology industry is working on a variety of products that address some fundamental issues behind common cyber-crimes. Evidence that this heightened diligence can turn the tide may be found in the battle against one of the most widespread and insidious forms of cyber-crime: phishing.
42
Through the clever use of company logos, verbatim text and links to convincing replicas of corporate Web sites, phishing scammers entice unsuspecting users to give up private information with appeals bearing titles such as "Problems with your account" and "Account security measures." Despite the pilfered graphics, the messages frequently contain obvious spelling and grammatical errors that can make them more easily identifiable as fakes. However, some of the messages simply ask recipients to follow an embedded link that takes them to an exact replica of the victim company's Web site, where they are then prompted to enter sensitive information. These sorts of attacks are far more difficult to sniff out, especially given that many of them use authentic-looking URLs. In March, there were 402 unique new phishing attacks, a 43 percent increase from the previous month, according to numbers compiled by the Anti-Phishing Working Group, an industry consortium that tracks phishing activity and comprises financial institutions, banks and vendors such as Pass Mark Security LLC, of Woodside, Calif., and Science Applications International Corp., of San Diego. The schemes are getting more sophisticated with attacks that plant Trojan horses and backdoors on users' PCs as soon as users open malicious e-mail messages. "[Phishers] are starting to work with crackers and virus writers. They're sharing code, using common techniques and taking advantage of vulnerabilities to drop something on the machines," said Dan Maier, director of product marketing at Tumbleweed Communications Corp., a provider of secure e-mail solutions based in Redwood City, Calif., and a member of the Anti-Phishing Working Group. "It's very sophisticated code," Maier said. Acknowledging the problem and taking a lead in the effort to thwart such scams, the Department of Justice in April issued a five-page report on phishing, warning consumers and laying out suggested defenses. The report followed similar efforts from the Office of the Comptroller of the Currency at the Federal Deposit Insurance Corp., which urged banks to increase monitoring of phishing-type activities and expand incident-response capabilities to deal with the spike in online fraud. Phishing has the attention of the private sector as well. One of the underlying problems that allow phishing to flourish is that it is hard to determine with any degree of certainty whether the Web site an unsuspecting victim visits is what it claims to be.
43
By using URL redirectors and other means of deceit, scammers can easily hide the true address of their malicious site and make it appear as legitimate as eBay.com or Amazon.com. Identrus LLC, a company that provides identity authentication services to banks and other financial institutions, is working on a solution to the problem. Identrus, whose customer base includes most major U.S. banks, plans to issue "institutional certificates" to its customers and enable those banks to offer client digital certificates to bank customers later this spring. The institutional certificates will allow the banks to prove their identities to their customers digitally and the customers to prove their identities to the banks digitally as well
The primary research concluded certain solutions in order to fight the cyber crimes:
• • • • • • •
Strict laws Should be Imposed for the criminal activities The rate of awareness should be raised about the laws and punishments Use of firewalls should be mandatory Use of anti virus software’s should be encouraged Special training should be given to the cyber police The use of routers at the macro level There must be a system for the IP scan check for the identification purposes.
44
CONCLUSION
• • •
The onus is on educational institutions to foster best practice in the use of information technology. Most computer crime is not detected and is difficult to quantify. It does seem to be a growing world-wide problem. It is clear that in the area of Information Technology new types of crime have emerged as well as the commission of traditional crimes by means of the new technologies.
• •
Although passing laws relating to the Internet is relatively easy, enforcement can be very hard. Perpetrators of computer crime usually exploit weakness in the systems either being used or attacked. Inadequate security procedures - physical, organisational and logical - continue to feature in the vast majority of examples of computer crime
• • • • •
The Pakistan cyber laws are not known to the majority of people and also been termed as inefficient. The most destructive cyber crime prevailing in Pakistan is cyber pornography and hardware viruses. The most obvious reasons of cyber crimes are greed, power, revenge, adventure and publicity. The consequences can be serious threats to the e-business. Communication sector and banking sector. The wide use of pornographic websites is heading to destroy our cultural values.
45
RECOMMENDATION
Any person who operates the net and being exposed to cyber crimes should always abide by and following principles: • • • • • • • • • • • • He should not disclose any personal information to any one and especially to strangers. Updated and latest anti-virus software should be used to protect the computer system against virus attacks. While chatting on the net one should avoid sending photographs to strangers along with personal data as it can be misused. Backup volumes of the data should always be kept to prevent loss from virus contamination. Children should be prevented from accessing obscene sites by the parents to protect them from spoiling their mind and career. A credit card number shall never be sent to an unsecured site to prevent fraud or cheating. Effort shall be made to make a security code and program to guard the computer system from misuse. Routers and firewalls can be used to protect the computer network. A check should be kept on the functioning of cyber cafes and any mishappening shall be reported to the concerned authorities. Efforts should be made to discourage misuse of computers and access to unauthorized data. Strict cyber laws should be formulated and implemented to fight against cyber criminals. A guide book of cyber crimes should be made available to common user for the awareness purpose.
46
REFRENCES
• • • • • • • •
Electronic Crime Unit to be set up The News, By A H Khanzada 5/12/2003 http://www.jang-group.com/thenews/may2003-daily/12-052003/metro/k3.htm FBI training FIA officers on cyber crime, By A Khan, Thursday, September 30, 2004,/www.dailytimes.com.pk/default.asp? date9/30/2004%208:02:35%20PM Information Technology Law Third edition - By Ian Lloyd, - Reed Elsevier (UK) Ltd 2000 Law and The Internet - Regulating Cyberspace, edited by Lillian Edwards and Charlotte Wealde, Oxford: Hart Publishing, 1997 Audit Commission Report 2001 - Your Business@Risk - an update on IT abuse 2001, ISBN 1862402892 Computer Security Institute - CSI/FBI Computer Crime and Security Survey, 2001 - http://www.gocsi.com/prelea/000321.html Harassment Law in the UK - Neil Addison at: http://www.harassmentlaw.co.uk/msindex.htm The European Union On-Line: - http://europa.eu.int/rapid/start/cgi/guesten.ksh? p_action.gettxt=gt&doc=IP/01/273|0|RAPID&lg=EN guesten.ksh?p_action.gettxt=gt&doc=IP/01/273|0|RAPID&lg=EN Council of Europe Publishing - http://conventions.coe.int/ BBC News - http://news.bbc.co.uk/ Cisco Systems, Inc. - http://www.cisco.com/ Siemens Communications Limited - http://www.siemenscomms.co.uk/ Her Majesty's Stationery Office - http://www.hmso.gov.uk/ The Copyright Licensing Agency Ltd - http://www.cla.co.uk/ The University of Texas System http://www.utsystem.edu/ogc/intellectualproperty/napster.htm Internet Watch Foundation - http://www.iwf.org.uk/ The Joint Information Systems Committee (JISC) - http://www.jisc.ac.uk/ University of Miami website- http://www.miami.muohio.edu/ University of Denver website - http://www.du.edu/ The Educational Institute of Scotland - (EIS) - http://www.eis.org.uk/ ZDNet technology - http://www.zdnet.com/ The International Organization for Standardization (ISO) http://www.iso.ch/ The National Hi-Tech Crime Unit http://www.nationalcrimesquad.police.uk/nhtuc/background.html A. Koryagin, Computer and internet technologies crimes: urgency and problems of fighting with them. - http://www.crime-research.ru/library/Koragin.html
•
47
• • • • •
V. Golubev, Investigating Computer crime / Monograph - Zaporozhye: University of Humanities “ZIGMU”, 2002 T. Tropina, Cyber criminality and terrorism, - http://www.crimeresearch.ru/library/Tropina.html. J. Baturin, A. Zhodzinski, Computer crimes and security - Moscow: Jurid. Lit, 1991, p. 18-34. B. Vehov, Computer crimes: ways of commitment and investigation methods – Moscow: 1996, p. 49-105 . V. Golubev, J. Urchenko, Computer information crimes: ways of commitment and protection – edited O. Snigeryov, V. Martuzaev – Zaporizhzhya: Pavel, 1998, p.45. V. Sergeev, Computer crimes in banking – Banking, 1997, #2, p.27-28. Rodionov, A. Kuznetzov, High-tech crimes investigating – Bulletin of the Ministry of Internal Affairs of Russian Federation, 1999, #6, p.67. V. Sergeev, Computer crimes in banking – Banking, 1997, #2, p.27-28
• • •
48
