Introduction to Cyber Crime

The first recorded cyber crime took place in the year 1820! That is not surprising considering the fact that the abacus, which is thought to be the earliest form of a computer, has been around since 3500 B.C. in India, Japan and China. The era of modern computers, however, began with the analytical engine of Charles Babbage.

In 1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the loom. This device allowed the repetition of a series of steps in the weaving of special fabrics. This resulted in a fear amongst Jacquard's employees that their traditional employment and livelihood were being threatened. They committed acts of sabotage to discourage Jacquard from further use of the new technology. This is the first recorded cyber crime

Understanding Cyber Crime Movement in Asia:Today after the BPO outburst in the country we now live and work in a world's biggest back office of global connectivity. We can exchange casual conversation or conduct multimillion monetary transactions with people on the other side of the planet quickly and inexpensively. The proliferation of personal computers, easy access to the Internet, and a booming market for related new communications devices have changed the way we spend our leisure time and the way we do business. Cyber crime: It sounds exotic, the stuff of which futuristic science fiction novels are made. However, law enforcement officers, network administrators, and others who deal with crime and/or cyberspace are discovering that the future is now, and cyber crime is a big and growing problem.

Cyber Crime
Attack Types Mischievous Malicious Steal data Disrupt operations Revenge Personal Issues Purposeful Test your security Attacks Trinoo (DDoS) Tribe Flood Attack (DDos) Stacheldraht Attack (DDos) WinNuke/OOBNuke (URG NetBIOS)

 Back Orifice (31337) Trojan Horse Ping of Death (ICMP Echo request to broadcast) Best Time to Stop the Attack:Preparation Phase Recon Probes Deployed Handler Compromised Agent Recon Attack Ordered Handlers Tell Agents to Attack Agents Attack Protective Steps: Disable unnecessary ports Learn normal traffic patterns Learn normal packet formations Block everything possible at the firewall Stay up-to-date on alerts (CERT.ORG)

Estimated Number of People Online Worldwide

600 500 400 300 (Millions) 200 100 0 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003
IDC NUA Computer Industry Almanac

Sources: http:// yberatlas c .internet com/big_picture/demographics/article/0,1323,59911_151151,00. . html http:// www.nua.ie/surveys/how_many_ online/world.html

The Global and Regional Cyber Crime Problem

Abstract: This paper provides an overview of computer-related crime. Eleven varieties of crime are considered: theft of services; communications in furtherance of criminal conspiracies; information piracy and forgery; the dissemination of offensive materials; cyber-stalking; extortion; electronic money laundering; electronic vandalism and terrorism; sales and investment fraud; illegal interception; and electronic funds transfer fraud. I. INTRODUCTION These basic principles of criminology apply to computer related crime no less than they do to bank robbery or to shop lifting. They will appear from time to time throughout the following discussion. Not all of these factors are amenable to control by governments alone. It follows, therefore, that a variety of institutions will be required to control computer related crime. This paper discusses current and emerging forms of computer-related illegality. It reviews eleven generic forms of illegality involving information systems as instruments or as targets of crime. It will also discuss issues arising from the global reach of information systems. It is trite to describe the ways in which computers have, figuratively speaking, made the world a smaller place. . II. MOTIVATIONS OF COMPUTER CRIMINALS: The motivations of those who would commit computer related crime are diverse, but hardly new. Computer criminals are driven by time-honoured motivations, the most obvious of which are greed, lust, power, revenge, adventure, and the desire to taste forbidden fruit. The ability to make an impact on large systems may, as an act of power, be gratifying in and of itself. The desire to inflict loss or damage on another may also spring from revenge, as when a disgruntled employee shuts down an employers computer system, or to ideology, as when one defaces the web page of an institution that one regards as abhorrent. Much activity on the electronic frontier entails an element of adventure, the exploration of the unknown III. INCREASING OPPORTUNITIES FOR COMPUTER-RELATED CRIME Recent and anticipated changes in technology arising from the convergence of communications and computing are truly breathtaking, and have already had a significant impact on many aspects of life. Banking, stock exchanges, air traffic control, telephones, electric power, and a wide range of institutions of health, welfare, and education are largely dependent on information technology and telecommunications for their operation. We are moving rapidly to the point where it is possible to assert that everything depends on software (Edwards 1995). IV. VARIETIES OF COMPUTER-RELATED CRIME The variety of criminal activity which can be committed with or against information systems is surprisingly diverse. Some of these are not really new in substance; only the medium is new. Others represent new forms of illegality altogether.

The following generic forms of illegality involve information systems as instruments and/or as targets of crime. These are not mutually exclusive, nor are the following list necessarily exhaustive. V. THE CHALLENGE OF CONTROLLING COMPUTER-RELATED CRIME Controlling Contributing Factors- Motives:

Recall from the earlier discussion that crime can be explained in part in terms of the supply of motivated offenders. Given the diversity of computer related crime, it is not surprising that the various types of behaviour discussed above flow from a range of motives. As we have noted, some of these are as old as human society, including greed, lust, revenge and curiosity.
Opportunities: While motives tend not to change, the variety and number of opportunities for cyber crime are proliferating. The exponential growth in connectivity of computing and communications creates parallel opportunities for prospective offenders, and parallel risks for prospective victims. As the internet becomes increasingly a medium of commerce, it will become increasingly a medium of fraud. LEGISLATIVE ISSUES:-

The laws of some countries are relatively elastic, able to embrace new circumstances without having to be amended. Other legal systems are quite rigid, necessitating amendment for new forms of crime. In the common law world, for example, consider offences related to fraud- obtaining something of value by means of deception. Deception entails the involvement of the mind of a human victim. Where fraud is carried out against an electronic system (such as an automatic teller machine), new legislation may be necessary. Similarly, the law of theft or damage in some countries may extend only to tangible items. That is, it may not be a crime to steal or to damage property in digital form.
Most basically, the substantive criminal law should provide for the following: Unauthorised access to a computer or computer system; Interference with lawful use of a computer or a computer system; Destruction or alteration of data within a computer system. Theft of intangible property Obtaining value by deception (including electronic systems)

Similarly, the laws of evidence and procedure should accommodate search and seizure in an electronic environment, and should permit the admissibility of electronic evidence in judicial proceedings. VI. CONCLUSION Trans-national crime of a more conventional nature has proved to be a very difficult challenge for law enforcement. Computer-related crime poses even greater

challenges. There may be differences between jurisdictions about whether or not the activity in question has occurred at all, whether it is criminal, who has committed it, who should investigate it and who should adjudicate and punish it. Moreover, there is a fundamental tension between the deregulatory imperative which characterizes the worlds advanced economies and the desire to control some of the darker corners of cyberspace. There is a significant danger that premature regulatory interventions may not only fail to achieve their desired effect, but may also have a negative impact on the development of technology for the benefit of all. Overregulation, or premature regulatory intervention, may run the risk of chilling investment and innovation. Given the increasingly competitive nature of the global marketplace, governments may be forced to choose between paternalistic imperatives and those of commercial development and economic growth. The challenge facing those who would minimise computer-related crime is to seek a balance which would allow a tolerable degree of illegality in return for creative exploitation of digital technology- in essence, a risk management approach. At this early stage of the technological revolution, it may be useful for individuals, interest groups and governments to articulate their preferences and let these serve as signals to the market. Markets may be able to provide more efficient solutions than state interventions.

Cyber law Act 2001

An Act to amend the law relating to computer offences, and for other purposes Access to data held in a computer means: (a) The display of the data by the computer or any other output of The data from the computer; or (b) The copying or moving of the data to any other place in the Computer or to a data storage device; or (c) In the case of a programthe execution of the program. Commonwealth computer means a computer owned, leased or Operated by a Commonwealth entity. Data includes: (a) Information in any form; or (b) Any program (or part of a program). Data held in a computer includes: (a) Data held in any removable data storage device for the time being held in a computer; or (b) Data held in a data storage device on a computer network of which the computer forms a part. data storage device means a thing (for example, a disk or file Server) containing, or designed to contain, data for use by a Computer. Electronic communication means a communication of information In any form by means of guided or unguided electromagnetic Energy. Impairment of electronic communication to or from a computer Includes: (a) The prevention of any such communication; or (b) The impairment of any such communication on an electronic

Link or network used by the computer; but does not include a mere interception of any such Communication. Modification, in respect of data held in a computer, means: (a) The alteration or removal of the data; or (b) An addition to the data. Telecommunications service means a service for carrying Communications by means of guided or unguided electromagnetic energy or both. Unauthorised access, modification or impairment has the meaning Given in section (2) In this Part, a reference to: (a) Access to data held in a computer; or (b) Modification of data held in a computer; or (c) The impairment of electronic communication to or from a Computer; (d) The impairment of the reliability, security or operation of any Data held on a computer disk, credit card or other device used to store data by electronic means;by a person is unauthorised if the person is not entitled to cause that access, modification or impairment. (2) Any such access, modification or impairment caused by the person is not unauthorised merely because he or she has an ulterior purpose for causing it. (3) For the purposes of an offence under this Part, a person causes any such unauthorised access, modification or impairment if the persons conduct substantially contributes to it. (4) For the purposes of subsection (1), if: (a) a person causes any access, modification or impairment of a kind mentioned in that subsection; and (b) the person does so under a warrant issued under the law of the Commonwealth, a State or a Territory; the person is entitled to cause that access, modification or impairment. A person is not subject to any civil or criminal liability for any act Done inside Australia if: (a) The act is preparatory to, in support of, or otherwise directly Connected with, overseas activities of the agency concerned; (b) The act: (i) Taken together with a computer-related act, event, Circumstance or result that took place, or was intended to take place, outside Australia, could amount to an (ii) In the absence of that computer-related act, event, Circumstance or result, would not amount to an offence; and (c) The act is done in the proper performance of a function of the Agency. (2A) Subsection (2) is not intended to permit any act in relation to premises, persons, computers, things, or telecommunications services in Australia, being: (a) an act that ASIO could not do without a Minister authorising it by warrant issued under Division 2 of Part III of the Australian Security Intelligence Organisation Act 1979 or Computer offences Schedule 1 (b) An act to obtain information that ASIO could not obtain other

than in accordance with section 283 of the Telecommunications Act 1997. DSD means that part of the Department of Defence known as the Defence Signals Directorate. staff member means: (a) in relation to ASISthe Director-General of ASIS or a member of the staff of ASIS (whether an employee of ASIS, 477.1 Unauthorised access, modification or impairment with intent to commit a serious offence Intention to commit a serious Commonwealth, State or Territory offence (1) A person is guilty of an offence if: (a) the person causes: (i) any unauthorised access to data held in a computer; or (ii) any unauthorised modification of data held in a computer; or (iii) any unauthorised impairment of electronic communication to or from a computer; and (b) the unauthorised access, modification or impairment is caused by means of a telecommunications service; and (c) the person knows the access, modification or impairment is unauthorised; and (d) the person intends to commit, or facilitate the commission of, a serious offence against a law of the Commonwealth, a State or a Territory (whether by that person or another person) by the access, modification or impairment. (2) Absolute liability applies to paragraph (1)(b). (3) In a prosecution for an offence against subsection (1), it is not necessary to prove that the defendant knew that the offence was: (a) an offence against a law of the Commonwealth, a State or a Territory; or (b) a serious offence. Computer offences Schedule 1 Cybercrime Act 2001 No. 161, 2001 9 Intention to commit a serious Commonwealth offence (4) A person is guilty of an offence if: (a) the person causes: (i) any unauthorised access to data held in a computer; or (ii) any unauthorised modification of data held in a computer; or (iii) any unauthorised impairment of electronic communication to or from a computer; and (b) the person knows the access, modification or impairment is unauthorised; and (c) the person intends to commit, or facilitate the commission of, a serious offence against a law of the Commonwealth (whether by that person or another person) by the access, modification or impairment. (5) In a prosecution for an offence against subsection (3), it is not necessary to prove that the defendant knew that the offence was: (a) an offence against a law of the Commonwealth; or (b) a serious offence.

Penalty (6) A person who is guilty of an offence against this section is punishable, on conviction, by a penalty not exceeding the penalty applicable to the serious offence. Impossibility (7) A person may be found guilty of an offence against this section even if committing the serious offence is impossible. No offence of attempt (8) It is not an offence to attempt to commit an offence against this section. Meaning of serious offence (9) In this section: Schedule 1 Computer offences 10 Cybercrime Act 2001 No. 161, 2001 serious offence means an offence that is punishable by imprisonment for life or a period of 5 or more years. 477.2 Unauthorised modification of data to cause impairment (1) A person is guilty of an offence if: (a) the person causes any unauthorised modification of data held in a computer; and (b) the person knows the modification is unauthorised; and (c) the person is reckless as to whether the modification impairs or will impair: (i) access to that or any other data held in any computer; or (ii) the reliability, security or operation, of any such data; and (d) one or more of the following applies: (i) the data that is modified is held in a Commonwealth computer; (ii) the data that is modified is held on behalf of the Commonwealth in a computer; (iii) the modification of the data is caused by means of a telecommunications service; (iv) the modification of the data is caused by means of a Commonwealth computer; (v) the modification of the data impairs access to, or the reliability, security or operation of, other data held in a Commonwealth computer; (vi) the modification of the data impairs access to, or the reliability, security or operation of, other data held on behalf of the Commonwealth in a computer; (vii) the modification of the data impairs access to, or the reliability, security or operation of, other data by means of a telecommunications service. Penalty: 10 years imprisonment. (2) Absolute liability applies to paragraph (1)(d). (3) A person may be guilty of an offence against this section even if there is or will be no actual impairment to: (a) access to data held in a computer; or Computer offences Schedule 1 Cybercrime Act 2001 No. 161, 2001 11 (b) the reliability, security or operation, of any such data.

(4) A conviction for an offence against this section is an alternative verdict to a charge for an offence against section 477.3 (unauthorised impairment of electronic communication). 477.3 Unauthorised impairment of electronic communication (1) A person is guilty of an offence if: (a) the person causes any unauthorised impairment of electronic communication to or from a computer; and (b) the person knows that the impairment is unauthorised; and (c) one or both of the following applies: (i) the electronic communication is sent to or from the computer by means of a telecommunications service; (ii) the electronic communication is sent to or from a Commonwealth computer. Penalty: 10 years imprisonment. (2) Absolute liability applies to paragraph (1)(c). (3) A conviction for an offence against this section is an alternative verdict to a charge for an offence against section 477.2 (unauthorised modification of data to cause impairment). Division 478Other computer offences 478.1 Unauthorised access to, or modification of, restricted data (1) A person is guilty of an offence if: (a) the person causes any unauthorised access to, or modification of, restricted data; and (b) the person intends to cause the access or modification; and (c) the person knows that the access or modification is unauthorised; and (d) one or more of the following applies: (i) the restricted data is held in a Commonwealth computer; (ii) the restricted data is held on behalf of the Commonwealth; Schedule 1 Computer offences 12 Cybercrime Act 2001 No. 161, 2001 (iii) the access to, or modification of, the restricted data is caused by means of a telecommunications service. Penalty: 2 years imprisonment. (2) Absolute liability applies to paragraph (1)(d). (3) In this section: restricted data means data: (a) held in a computer; and (b) to which access is restricted by an access control system associated with a function of the computer. 478.2 Unauthorised impairment of data held on a computer disk etc. (1) A person is guilty of an offence if: (a) the person causes any unauthorised impairment of the reliability, security or operation of data held on: (i) a computer disk; or (ii) a credit card; or (iii) another device used to store data by electronic means; and (b) the person intends to cause the impairment; and (c) the person knows that the impairment is unauthorised; and (d) the computer disk, credit card or other device is owned or

leased by a Commonwealth entity. Penalty: 2 years imprisonment. (2) Absolute liability applies to paragraph (1)(d). 478.3 Possession or control of data with intent to commit a computer offence (1) A person is guilty of an offence if: (a) the person has possession or control of data; and (b) the person has that possession or control with the intention that the data be used, by the person or another person, in: