The Internet in the overall world is growing rapidly which has given rise to new opportunities in every field. The Internet has revolutionized the world that has made us free as everything is so accessible but the Internet has its own disadvantages as well and one disadvantage is cybercrime.
We live in a world of global connectivity where we can have spontaneous discussion or conduct multi-million dollar financial dealings with individuals. On the other side of the planet inexpensively and quickly as internet usage is growing continuously.
The world is coming closer, there is no uncertainty at present that computer-generated environments have presented new levels of efficacy, connectivity and throughput to businesses of all types the world over. However, it has also managed to create a major problem for all the people using the new virtual world which are internet crimes.
Internet crime has become a profession. It refers to criminal offenses committed using the internet or another computer network as a component of the crime. It has changed the cyber criminals from the traditional bedroom bound geeks to the type of those organized gangsters, who are now associated with money laundering, drug trafficking, and extortion.
The law related to electronic crimes was passed by the Parliament of Pakistan titled as the Prevention of Electronic Crimes Act, 2016. The law introduced an array of twenty three offenses, such as:
The law also provides for two types of punishments: imprisonment and fine, together or as alternatives to each other.
The Case Lawyer provide legal services against cyber crimes in Pakistan and work with mutual collaboration of highly skilled technology professionals.
Our team is experienced in all cases of cyber crimes, electronic crimes, cyber terrorism, data theft, electronic or internet fraud, misuse of electronic system or electronic device, electronic forgery, unauthorized access to confidential data, misuse of encryption, misuse of code, cyber-stalking, online defamation, online harassment etc.
Violent cyber or internet crimes are considered as having highest priorities to deal with. These crimes are basically against an individual or against any government body. These crimes include the following:
1. Cyber terrorism:
The legislature defines terrorism as premeditated politically motivated violence perpetrated against non-combat targets by sub-national groups or clandestine agents. Cyber terrorism is sometimes referred to as information war or electronic terrorism. A cyber terrorist attack is supposed to cause physical violence or extreme financial war. It includes using social media platforms to spread hatred against the different sects or religious groups which causes a mass scale disaster and also includes recruiting or financing terrorist group members. The target of cyber terrorism is not always a solo target rather a huge population and the government is affected by just attacking the resources they depend on.
2. Assault by threat:
This computer crime involves placing people in fear for their lives or threatening the lives of their loved ones. Many times terrorists threaten the lives of their loved ones and make them do the work. So then all the conviction goes to the person and not to the terrorist groups. The threat can be of life or of revealing a big secret in public that will
cause a fall in the reputation of the person.
3. Cyber stalking:
Cyber stalking is defined as, “The repeated acts of harassment or threatening behavior of cyber criminals towards the victim by using Internet services”. Cyber stalking can also be generally referred to as the repeated acts of harassment targeting the victims such as following the victim, making harassing phone calls, killing the victim SPECT living, written messages or objects at the victim’s place or surrounding.
4. Child pornography and child abuse:
It consists of various phases of individuals who are engaged in the activity of creating pornographic materials using minor children, individuals who distribute these items and also those people who use them. When computers and networks are used for any of these activities child pornography becomes a cyber crime. It is generally considered a violent crime even if the persons involved in these had no physical contact with the children.
It can be defined as the vulgarities of a particular person centered on gender, race, religion, nationality, sexual orientation and more. This often occurs by text, audio or visual messages or content to the victim and defaming them publicly to make them react in a way the criminal wanted.
Most electronic crimes are potentially-violent offenses due to the reason the defining characteristic of the online world is the ability to interact devoid of any physical contact. These electronic crimes can be further divided as follows;
1. Internet Frauds:
Internet frauds can be defined as “the use of the internet to commit frauds that include computers, the internet, money transactions, investments and credit cards, tax refunds to cause monetary or financial gain”.
a. Cyber frauds: cyber fraud involves offering falsehoods to obtain something of value or benefit. The victim voluntarily gives the money or property to the criminal but would not have done so. If the criminals hadn’t made any misrepresentation or false promise of some kind.
b. Tax refund fraud: The process of tax refund fraud goes like this: the cyber criminal first obtains the valid name and social security number, the cyber criminal then makes a withholding information claim, standard deductions and perhaps tax credits and completes a return that creates or generates a large refund. The cybercriminal files the return and then simply waits for either a cheque to be made or a direct transfer of funds to be made to a safe bank account.
c. Investment frauds: Investment frauds target individuals, the fraudsters use convincing arguments to make people part with their savings. The types of fraudsters usually want the individual to invest their money in a company or an opportunity which seems to be offering very high rates of return.
d. Electronic funds transfer frauds: Electronic funds transfer systems have dwelt and the chances of getting intercepted has also increased. Valid credit card numbers can be intercepted electronically and the digital information stored on the card can be counterfeited and used by the criminal. This crime also includes transferring a large amount of money or shares from one bank account to another bank account.
e. Credit Card Frauds: Credit cards are the most frequently used electronic payment instrument. Credit card fraud is the form of identity theft that involves an unauthorized taking of another’s credit card information for making purchases of huge amounts or just withdrawing funds from them.
2. Cyber Trespass:
These offenses assess resources that a computer or a network needs without any kind of authorization. The primary aim of trespassing is to enter the computer or the network and get access to the data information stored therein. The criminal does not need to damage or misuse the data contained in the computer or network.
3. Cyber Theft:
Cyber theft refers to the act of stealing of financial and/or personal information through the use of computers for its fraudulent or other illegal use. Many different types of cyber thefts are a theft of sensitive data. In simple words getting assessed to and stealing of sensitive data is referred to as theft of sensitive data. The sensitive data consists of unencrypted credit card information, personally identifiable information, trade secrets, source code of any software or application, all employee records and so on.
a. Theft of Intellectual Property: Intellectual property includes commercial copyrighted materials like music, movies and books. They are always at risk of being
b. Identity Theft: Identity theft occurs when a cyber criminal successfully steals a person’s personal identifiable information. The crime ends with the victims suffering from any financial loss or any kind of damage that can be done with the data. Identity theft can go undetected for a significant period of time.
c. Embezzlement: It involves misappropriating money or property for one’s own use that has been given or entrusted to them by someone else or some organization for unlawful appropriation. In this crime the criminal gains access to the valuables from outside the organization and transfers the funds and modifies documents giving him the title of the owner, the property that he never owned. Corporate or industrial espionage in this crime person inside or outside the company uses the network to steal the important data of the company. This important data includes trade secrets, financial data, confidential client lists, marketing strategies etc.
d. Plagiarism: It is the theft of someone’s else’s original writing with the intent of passing it off as someone’s own work.
e. DNS Cache Poisoning: It is a form of unauthorized interception in which the contents of the computer’s DNS cache is manipulated. So that all the network transmissions going to that specific domain name are redirected to the attackers’ servers.
4. Narcotics Trafficking:
Narcotics traffickers are increasingly taking advantage of the Internet to sell illegal drugs and substances through the use of advanced internet technologies. Many of the drug traffickers arrange deals on the dark and deep web and deliver narcotics substance using courier websites. By use of the internet, virtual exchanges allow more intimidated individuals to more easily and comfortably purchase illegal drugs.
5. Corporate Account Takeover:
Corporate account takeover means the purchase of one corporate account by another. It begins by illicitly acquiring the login credentials by using a malicious program so that the victim uses the malicious program without noticing it. The attacker then gains access to the victim’s accounts information and transfers the funds to the account of the criminal.
Piracy can be found as the act of unauthorized copying of copyrighted software, music, movies, art, books and so on resulting in the loss of revenue and benefits to the legitimate owner of the copyright.
7. Electronic Money Laundering and Tax Evasion:
It involves using the Internet to hide the origins of money which was obtained through illegal means. Cyber criminals also find opportunities from Online Banking services where they can open accounts without meeting banking officials and due
8. Illegal interception of telecommunications:
Illegal interception means interception of personal and confidential information without the consent of the members of the conversation. Many times calls are tapped or intercepted to know the conversation. Existing law does not provide interception as legal.
9. Internet Relay Chat – IRC:
IRC servers have chat rooms in which people from anywhere in the world can come together and can chat with each other. Criminals use IRC rooms to meet co-conspirators. Hackers use them to discuss their exploits or share their techniques.
10. Cyber Extortion:
It is a crime involving an attack or threat of attack against an enterprise or a corporate company coupled with the demand for money to stop or avoid the attack. The method nowadays used by the cyber criminals is to use ransom where they encrypt the
victims data. The attacker then demands for the decryption key.
Phishing is a method in which the perpetrator sends out legitimate-looking emails in a temp together with personal and financial information from the recipient person. The emails direct the user to update their personal information such as passwords and credit card, pass codes, update social security and bank account numbers. The email that asked for such detail redirects the user to a fake site that looks legitimate and is set up to steal the user’s information.
12. Cyber Bullying:
Cyber bullying is bullying done through electronic technology. This electronic technology includes devices and equipment such as cell phones, computers, tablets and social media sites, text messages, chat and various other websites. Examples of cyber bullying include text messages or emails or rumors sent through emails or posted on social networking sites or embarrassing pictures, videos or uploading offensive data on web sites. Cyber bullying is often committed by students.
13. Destructive Crimes:
Destructive internet crimes are those which include network services being disrupted or data is damaged or destroyed rather than stolen or misused. Each of these crimes deprives the authorized users of the data and our network the use. Some of the descriptive computer crimes are;
a. Cyber vandalism: Cyber vandalism can be a random act just for fun by board hackers with a malicious streak or it might be a form of computer Zagat 8 for profit which includes raising all the files of business competitors or erasing someone’s personal identifiable data.
b. Viruses and other malicious codes: They comprise the huge problem – all in it connected computers. A computer virus is a program that causes unwanted and often the structure results when it is run, viruses affect the program or applications smooth functioning causing it to malfunction or stop working.
c. Worm: A worm is a virus that replicates itself; it often spreads after replication, affecting every program in its way.
d. Trojans: Trojans act as a way to get a virus or worm into the network or computer see.
14. Internet Gambling:
Internet gambling has flourished with online customers able to place bets and virtual casinos using credit cards. It is also known as online gambling. In simple terms gambling using the Internet. The different types of internet gambling are Poker, Casinos, Sports betting, Bingo, Lotteries, Horse-racing betting, Mobile gambling and Advanced deposit of a grain.
15. Sales of Drugs through Internet:
Buying and selling prescription drugs off the internet results in criminal charges of illegal drug distribution or conspiracy to manufacture illegal drugs. Both the trafficking of illegal drugs and the sale of prescription drugs by online pharmacists are growing problems with E-Cyber contraband. Cyber contraband refers to data that is illegal to possess or transfer; cyber contraband simply refers to transferring illegal items through the internet that is banned in some places.
16. IP Spoofing:
IP spoofing involves changing the packet headers of a message to indicate that it came from an IP address other than the true source. The sending computer impersonates another machine and fools the recipient into accepting the fake messages. It can be used along with other attacks like ping of death teardrop and other attacks. Any service that uses IP address authentication is suspected to be IP spoofing.
a. ARP spoofing: ARP spoofing, also called ARP poisoning is a method of sending forged replies which result in incorrect entries in the cache. This results in subsequent messages sent to the wrong computer. The address resolution protocol maintains the ARP cache. This is a table that maps IP addresses to media access control that is the Mac or physical address of computers on the network. The MAC address is used at the physical level to locate the destination computer to which the message should be delivered.
b. H DNS spoofing: The DNS is responsible for managing the resolution of domain names into an equivalent IP address. Any successful replacement of a valid address with an alternate address causes people attempting to assess the domain name to visit the wrong website. This gives attackers a chance to create their own website that masquerades as a legitimate site and to attempt to steal all kinds of information by getting between the user and the real site.
17. DOS Attacks: DOS Attack known as denial of service attack is one of the most popular choices of hackers to disrupt a network operation. This disruption can cause the network to either slow down or crash the entire network. The purpose of the DOS attack is to make a network accessible by generating the type or amount of network traffic that crashes the server, overwhelms the routers or otherwise prevents the net devices from functioning properly. The other type of DOS attack also known as DDoS attacks which use intermediary computers called as agents on which programs known as zombies are installed secretly without the consent of the person to whom it belongs. Then the hacker activates the zombie programs remotely causing the intermediary computers to simultaneously launch the attack; it appears that the attack has originated from the zombie and hence the hacker remains safe.
18. Advance Fee Scam: You must have heard about the Advance Fee Scam, also called Nigerian fraud. It is a crime in which you receive mail that a billionaire died leaving behind property worth corrosive rupees and with no inheritors to claim and share of the property will be given to you. So if you cooperate with some declaration and pay some advance fees towards processing, you can get this money. This fraud is one of the most infamous frauds reported in Pakistan. It was Nigerian for 1/9 crime which emanated from a Nigerian punishable offense as per criminal laws. So just think about those who do not know about cyber crimes and the fact that they will get a property share of such a big billionaire so why not give them the processing fees of one thousand or two thousand dollars and this is where things go wrong. So you should never ever trust an email that asks you to give your financial details in any form.
The main question is: How do the criminals want to do a cyber crime attack? In the investigations we’ll have to proceed after understanding the channel and threats received. So proper understanding in this stage requires knowledge of the threat management initiative associated with a particular type of cybercrime.
Threat vector is a tool or a path through which the attack materializes resulting in risk ultimately classified as cybercrime. So a threat vector is a tool or a path through which the attack is carried out. For example, the computer, data storage device or the microchip which you put in your mobile phone and the router. These are threat vectors. These are the tools through which these cyber attacks are carried out. So this is why it is important to understand the threat vector once that these are the threat vectors through which a cyber crime may be committed. You are alert and know what to do and how to protect these devices. So the associate component of threat management in the context of studying disciple crime channels is the threat landscape. So these are basic components which you need to understand before dwelling into this subject. The present laws of the Pakistan exclusively deals with cyber terrorism and life imprisonment or death punishment for cyber terrorism.
Fast flux is a networking technique used by compromised systems to hide the phishing and Malware delivery locations in such a way that when tracing the IP addresses will show ever-changing hosts and be dynamically changing at very fast and frequent intervals sometimes in a few seconds and minutes. Now this is very important to understand that the cyber criminals are very intelligent people as they know that they will be caught if they do not hide their IP address. So fast flux is a networking technique which will hide the IP address.
What is an IP address?
IP addresses are the address from which a computer works. It is actually the address of the computer through which a cybercrime act may be committed. So what they do using the fast flux technique is hide their IP address.
How does it happen?
The IP address will change very frequently so you would not know which is the correct IP address. So this is a technique which is very common.
Now, we are going to see what are the modes and classifications of cyber crimes along with their legal and social angle for each of these crimes committed by these criminals.
Now there are the three categories we will discuss;
1. The first on the basis of victims.
2. The second on the basis of legal and investigative purposes.
3. Third on the basis of modus operandi.
1. On the basis of victims:
a. First, cyber crimes may be categorized as targeting an individual.
b. The second category is targeting property or money irrespective of the victim.
c. The third category is attacking a group of people, a society or even a nation.
So individuals can understand property or money irrespective of the victim. We can understand what is attacking a group of people, a society or even a nation.
Can this happen?
Yes, it can happen and this is called cyber warfare where in one particular country tries to create cyber terrorism in another country by attacking its information security systems all over the country at different places. Now this is something which we will learn in the other articles.
2. On the basis of legal and investigative purpose:
Now the other basis of classification of cybercrime is from a legal and investigative perspective.
a. The first is with civil and criminal jurisdiction.
b. The second category which comes under legal and investigative perspective.
c. The third is other acts for the criminal procedures.
d. Fourth are the civil acts in torts where computers are involved in which only monetary compensation is paid and not a punishment.
3. On the basis of modus operandi:
What is modus operandi?
Modus operandi means main focus or what is the way in which the current will be conducted. So;
a. The first category is called physical attack targeting the hardware.
b. The second is a software attack targeting the information resources through a software program or a tool.
c. The third is network access that is attacking the system through vulnerabilities in the network with or without the help of software vulnerabilities.
d. Fourth, which is very important is that insider threat reaching an information asset in an organization through an insider or an employee of the organization is very dangerous and it in fact is one of the easiest ways to destroy. So this is something which we should definitely have an idea of what are the different channels of cybercrime.
This is very important in the business again to limit those instances of crimes of opportunity using up-to-date industry standard antivirus software and security software.
I’ve said this over and over again that antivirus software may not be enough. There’s better security software out there that you may need to make sure you get liability insurance for your company. So to be proactive to protect yourself, you have to take the following 15 steps for prevention of electronic crimes.
1. Train yourself and train your employees. That’s why you’re reading this training right now because you’re learning about this information. There’s lots of other information out there. Take advantage of it,
2. Make sure all operating systems are up-to-date.
3. All backups should be secured, encrypted and not connected to the network. This prevents hackers from getting all of the data and allows business operations to continue.
4. Make sure your backups are not connected.
5. Keep systems secure, password protected and access restricted.
6. Disable macro since these scripts can often seed malware in a system permissions.
7. Employee access may need to see some files but not others and therefore what you have to do is make sure that in all of your applications that your permissions are set so that some of your employees get access to certain information. Other employees get access to other information. Maybe they need to cross communicate in order to do their jobs which creates an environment of checks and balances but ultimately it’s set up so that not everybody can access everything.
8. Make sure you get cyber insurance for your company, if an event happens regular liability insurance may not cover it. Liability insurance can cover the financial losses but cybersecurity is going to better cover those events where cybercrime has taken place and financial losses have occurred due to cybercrime.
9. Make sure you use encryption software and data encryption which is a software process by which data on your computer’s hard drives in folders applications and so forth is algorithmically changed so that it’s unreadable without being decrypted for authorized users security authorization protocols such as biometric scanners passwords and will decrypt the data but hacker will have less success and if you’re thinking to yourself that you just don’t have the ability to encrypt your data.
10. There are data encryption companies out there. There are a plethora of companies out there today that will provide data encryption for your company and you don’t even have to have an IT department or dedicated IT professional working to solve these problems at your organization. You could simply have the company do all of this for you with regards to encryption.
11. Make sure that your wireless devices are encrypted. Most of them can be encrypted right on the phone themselves or on the tablet themselves.
12. Make sure all wireless devices are encrypted as of this writing the most secure wireless decryption is Wi-Fi protected access to or WPA2 and you can usually get that from your internet service provider (ISP).
13. Make sure that you have destroyed your old data that is no longer in use.
14. Make sure that the data you have destroyed cannot be recovered back as sometimes you sell your laptops, computers or other portable devices in which you have stored the data.
15. Make sure that you are aware of the updated law of the land.
How to maintain data?
Be sure to have protocols in place that account for the creation of data. The storage of data wallets and use and the deletion of data when it’s no longer necessary, physical files, paper folders etc. They should be shredded and destroyed and you need to have a good shredder in your office or your organization wherever you work that not only shreds lengthwise but also shreds horizontally as well because you want to make sure that it’s not able to be put back together. Old hard drives should be destroyed as data breaches have occurred because companies have either sold their old laptops or given them away to charities. They have to be destroyed and there are companies out there that will actually do this for you. Make sure there’s no way to recover the data once it’s destroyed and override the previous data with unimportant files. They have to be destroyed and the actual physical hard drives must be destroyed as well. Electronic devices should be destroyed when they are no longer in use. So you have to make sure that you’re doing everything you can to make sure that data cannot be recovered. If it’s sensitive data, if it’s trade secrets, if it’s personally identifiable information or financial information like credit cards then that information can be pulled off of that hard drive and used for financial gain which can put you at risk for liability. It’s going to make your business more secure and protective.
What is computer fraud?
So let us understand what fraud is? What is the definition of fraud? Which activity would you consider to be a fraud? Three definitions I would like to refer to. Anything which has a criminal intent and which is done on a computer is called computer fraud. There are many other words such as cheating, dishonesty, wrongful gain, abuse, misuse which can be used as synonyms of this word fraud. The intention that is the criminal intent of mind which is also called means rea is the essence of fraud and any activity done with an intent to defraud is the three phrases. Any fraud which is done with the help of a computer or any electronic device may be called a computer fraud. Now any activity with fraud or intention or with an idea to defraud others is a fraud. This is the basic and the main concept. The intent in a fraud is the most important part. So many times you may want to do something on the computer and your intent is not criminal. Then it may not be considered as fraud, it may be considered as an error which is operational. Now to consider studying cybercrime and computer fraud. It is basically the same
because once a computer fraud is done, it is a form of cybercrime. So in this case of computer fraud the intent of mind is fraudulent activities. The essence whereas in cybercrime a may or may not have the dishonesty or the fraudulent tag attached to it and maybe just breach of some security initiative