Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
All the praise to Almighty Allah the most beneficent and merciful who gave us this
opportunity to compile this research report.
I am very thankful to course instructor Dr. Shabib ul Hasan who remained very
cooperative and helpful throughout this work. He just did not make my concepts clear
but gave me vivid direction and east path to compile this report. I hope that he will
continue to guide me in this way in future.
This report is the combination of lot of sincere hard work and dedication. This report is
the result of valuable ideas and suggestions given by IT experts and MS students. They
all were very cooperative and helpful through this research report.
I am also very thankful to my class fellows who were very supportive to make the things
easy, as it was very strenuous task.
I will highly appreciate any suggestion for improvement in this report or any other
queries regarding this report and its contents from everyone especially from my
companions and well wishers. As nothing is perfect in this world and there is always a
room for improvement.
2
PRELIMINARY DATA GATHERING
Table of Contents
1 Abstract 4
2 Observation 5
Introduction 6
4 Literature Survey 21
5 Problem Definition 25
6 Theoretical Framework 25
8 Hypothesis Development 27
11 Deduction 41
13 Conclusion 45
14 Recommendation 46
15 References 47
3
ABSTRACT
RESEARCH METHODOLOGY
The first section of the report include the observation, objective of the research as to why
we are doing this research, preliminary data gathered to have a clear knowledge of the
following research, theoretical framework in which all the possible variables are defined
along with this hypothesis is also generated in the form of statements, scientific research
design which includes information about sampling and data collection procedures.
This section extracts and displays all the data that was collected in the conclusive
research and presents this in the form of close cross tabulations, graphs and pie charts to
simplify interpretation. We have used Microsoft excel for the calculations.
RESEARCH RESULTS:
This section includes the analysis of data ad draws results based on them. This includes
basic research findings, conclusions and recommendation according to the data collected
and analyzed.
4
OBSERVATION
The information infrastructure is increasingly under attack by cyber criminals. The
number, cost, and sophistication of attacks are increasing at alarming rates. Worldwide
aggregate annual damage from attacks is now measured in billions of U.S. dollars.
Attacks threaten the substantial and growing reliance of commerce, governments, and the
public upon the information infrastructure to conduct business, carry messages, and
process information. Most significant attacks are transnational by design, with victims
throughout the world.
Measures thus far adopted by the private and public sectors have not provided an
adequate level of security. While new methods of attack have been accurately predicted
by experts and some large attacks have been detected in early stages, efforts to prevent or
deter them have been largely unsuccessful, with increasingly damaging consequences.
Information necessary to combat attacks has not been timely shared. Investigations have
been slow and difficult to coordinate. Some attacks gets birth in Pakistan that lack
adequate laws governing deliberate destructive conduct.
Efforts shall be made to make a security code and program to guard the computer system
from misuse, routers and firewalls can be used to protect the computer network. A check
should be kept on the functioning of cyber cafes and any mishappening shall be reported
to the concerned authorities. Strict cyber laws should be formulated and implemented to
fight against cyber criminals.
5
PRELIMINARY DATA GATHERING
1. INTRODUCTION:
Before evaluating the concept of cyber crime it is obvious that the concept of
conventional crime be discussed and the points of similarity and deviance between both
these forms may be discussed.
CONVENTIONAL CRIME:
Crime is a social and economic phenomenon and is as old as the human society. Crime is
a legal concept and has the sanction of the law. Crime or an offence is a legal wrong that
can be followed by criminal proceedings which may result into punishment. The
hallmark of criminality is that, it is breach of the criminal law. Per Lord Atkin the
criminal quality of an act cannot be discovered by reference to any standard but one: is
the act prohibited with penal consequences.
CYBER CRIME
Cyber crime is the latest and perhaps the most complicated problem in the cyber world.
Cyber crime may be said to be those species, of which, genus is the conventional crime,
and where either the computer is an object or subject of the conduct constituting crime.
Per Lord Atkin Any criminal activity that uses a computer either as an instrumentality,
target or a means for perpetuating further crimes comes within the ambit of cyber crime
A generalized definition of cyber crime may be unlawful acts wherein the computer is
either a tool or target or both. The computer may be used as a tool in the following kinds
of activity- financial crimes, sale of illegal articles, pornography, online gambling,
intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking.
The computer may however be target for unlawful acts in the following cases-
unauthorized access to computer/ computer system/ computer networks, theft of
6
information contained in the electronic form, e-mail bombing, data didling, salami
attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer
system, physically damaging the computer system.
The first recorded cyber crime took place in the year 1820!
That is not surprising considering the fact that the abacus, which is thought to be the
earliest form of a computer, has been around since 3500 B.C. in India, Japan and China.
The era of modern computers, however, began with the analytical engine of Charles
Babbage.
Today, computers have come a long way, what with neural networks and nano-
computing promising to turn every atom in a glass of water into a computer capable of
performing a billion operations per second.
7
Cyber crime is an evil having its origin in the growing dependence on computers in
modern life. In a day and age when everything from microwave ovens and refrigerators
to nuclear power plants is being run on computers, cyber crime has assumed rather
sinister implications.
Financial crimes
This would include cheating, credit card frauds, money laundering etc.
This would include sale of narcotics, weapons and wildlife etc., by posting information
on websites, auction websites, and bulletin boards or simply by using email
communication. E.g. many of the auction sites even in India are believed to be selling
cocaine in the name of honey.
Online gambling:
There are millions of websites; all hosted on servers abroad, that offer online gambling.
In fact, it is believed that many of these websites are actually fronts for money
laundering.
Email spoofing
A spoofed email is one that appears to originate from one source but actually has been
sent from another source. E.g. Faraz has an e-mail address pooja@asianlaws.org. Her
enemy, Sameer spoofs her e-mail and sends obscene messages to all her acquaintances.
8
Since the e-mails appear to have originated from Faraz, her friends could take offence
and relationships could be spoiled for life. Email spoofing can also cause monetary
damage.
Forgery
Counterfeit currency notes, postage and revenue stamps, mark sheets etc can be forged
using sophisticated computers, printers and scanners.
Outside many colleges across Pakistan, one finds touts soliciting the sale of fake mark
sheets or even certificates. These are made using computers, and high quality scanners
and printers. In fact, this has becoming a booming business involving thousands of
Rupees being given to student gangs in exchange for these bogus but authentic looking
certificates.
Cyber Defamation:
This occurs when defamation takes place with the help of computers and / or the Internet.
E.g. someone publishes defamatory matter about someone on a website or sends e-mails
containing defamatory information to all of that persons friends.
Cyber stalking:
The Oxford dictionary defines stalking as pursuing stealthily. Cyber stalking involves
following a persons movements across the Internet by posting messages (sometimes
threatening) on the bulletin boards frequented by the victim, entering the chat-rooms
frequented by the victim, constantly bombarding the victim with emails etc.
Now, let us examine some of the acts wherein the computer is the target for an unlawful
act. It may be noted that in these activities the computer may also be a tool. This kind of
activity usually involves sophisticated crimes usually out of the purview of conventional
criminal law. Some examples are:
This activity is commonly referred to as hacking. An active hackers group, led by one
Dr. Nuker, who claims to be the founder of Pakistan Hackers Club, reportedly hacked
the websites of the Indian Parliament, Ahmedabad Telephone Exchange, Engineering
Export Promotion Council, and United Nations (India).
This includes information stored in computer hard disks, removable storage media etc.
9
Data diddling
This kind of an attack involves altering raw data just before it is processed by a computer
and then changing it back after the processing is completed. Electricity Boards in
Pakistan have been victims to data diddling programs inserted when private parties were
computerizing their systems.
Salami attacks
These attacks are used for the commission of financial crimes. The key here is to make
the alteration so insignificant that in a single case it would go completely unnoticed. E.g.
a bank employee inserts a program, into the banks servers, that deducts a small amount
of money (say Rs. 5 a month) from the account of every customer. No account holder
will probably notice this unauthorized debit, but the bank employee will make a sizeable
amount of money every month.
This involves flooding a computer resource with more requests than it can handle. This
causes the resource (e.g. a web server) to crash thereby denying authorized users the
service offered by the resource. Another variation to a typical denial of service attack is
known as a Distributed Denial of Service (DDoS) attack wherein the perpetrators are
many and are geographically widespread.
It is very difficult to control such attacks. The attack is initiated by sending excessive
demands to the victims computer(s), exceeding the limit that the victims servers can
support and making the servers crash. Denial-of-service attacks have had an impressive
history having, in the past, brought down websites like Amazon, CNN, Yahoo and eBay!
Viruses are programs that attach themselves to a computer or a file and then circulate
themselves to other files and to other computers on a network. They usually affect the
data on a computer, either by altering or deleting it. Worms, unlike viruses do not need
the host to attach themselves to. They merely make functional copies of themselves and
do this repeatedly till they eat up all the available space on a computers memory. The
VBS_LOVELETTER virus (better known as the Love Bug or the ILOVEYOU virus)
was reportedly written by a Filipino undergraduate.
Logic bombs
These are event dependent programs. This implies that these programs are created to do
something only when a certain event (known as a trigger event) occurs. E.g. even some
viruses may be termed logic bombs because they lie dormant all through the year and
become active only on a particular date (like the Chernobyl virus).
10
Trojan attacks
A Trojan as this program is aptly called is an unauthorized program which functions from
inside what seems to be an authorized program, thereby concealing what it is actually
doing. There are many simple ways of installing a Trojan in someones computer.
This connotes the usage by an unauthorized person of the Internet hours paid for by
another person.
Web jacking
This occurs when someone forcefully takes control of a website (by cracking the
password and later changing it). The actual owner of the website does not have any more
control over what appears on that website.
This type of offence involves the theft of a computer, some part(s) of a computer or a
peripheral attached to the computer.
Unauthorized Access
Unauthorized access would therefore mean any kind of access without the permission of
either the rightful owner or the person in charge of a computer, computer system or
computer network. Thus not only would accessing a server by cracking its password
authentication system be unauthorized access, switching on a computer system without
the permission of the person in charge of such a computer system would also be
unauthorized access.
Packet sniffing, tempest attack, password cracking and buffer overflow are common
techniques used for unauthorized access.
11
Viruses
A computer virus is a computer program that can infect other computer programs by
modifying them in such a way as to include a (possibly evolved) copy of it. Note that a
program does not have to perform outright damage (such as deleting or corrupting files)
in order to be called a "virus".
Email has fast emerged as the worlds most preferred form of communication. Billions of
email messages traverse the globe daily. Like any other form of communication, email is
also misused by criminal elements.
The ease, speed and relative anonymity of email has made it a powerful tool for
criminals. Some of the major email related crimes are:
1. Email spoofing
2.Sending malicious codes through email
3.Emailbombing
4. Sending threatening emails
5. Defamatory emails
6. Email frauds
1. Email spoofing
A spoofed email is one that appears to originate from one source but has actually
emerged from another source. Email spoofing is usually done by falsifying the name
and / or email address of the originator of the email.
Usually to send an email the sender has to enter the following information:
12
2. Spreading Trojans, viruses and worms
Emails are often the fastest and easiest ways to propagate malicious code over the
Internet. The Love Bug virus, for instance, reached millions of computers within 36 hours
of its release from the Philippines thanks to email.
Hackers often bind Trojans, viruses, worms and other computer contaminants with e-
greeting cards and then email them to unsuspecting persons. Such contaminants can also
be bound with software that appears to be an anti-virus patch. E.g. a person receives an
email from information@mcaffee.com (this is a spoofed email but the victim does not
know this). The email informs him that the attachment contained with the email is a
security patch that must be downloaded to detect a certain new virus. Most unsuspecting
users would succumb to such an email (if they are using a registered copy of the McAffee
anti-virus software) and would download the attachment, which actually could be a
Trojan or a virus itself!
3. Email bombing
Email bombing refers to sending a large number of emails to the victim resulting in the
victims email account (in case of an individual) or servers (in case of a company or an
email service provider) crashing.
A simple way of achieving this would be to subscribe the victims email address to a
large number of mailing lists. Mailing lists are special interest groups that share and
exchange information on a common topic of interest with one another via email. Mailing
lists are very popular and can generate a lot of daily email traffic depending upon the
mailing list. Some generate only a few messages per day others generate hundreds. If a
person has been unknowingly subscribed to hundreds of mailing lists, his incoming email
traffic will be too large and his service provider will probably delete his account.
The simplest email bomb is an ordinary email account. All that one has to do is compose
a message, enter the email address of the victim multiple times in the To field, and
press the Send button many times. Writing the email address 25 times and pressing the
Send button just 50 times (it will take less than a minute) will send 1250 email
messages to the victim! If a group of 10 people do this for an hour, the result would be
750,000 emails!
There are several hacking tools available to automate the process of email bombing.
These tools send multiple emails from many different email servers, which make it very
difficult, for the victim to protect himself.
13
4. Threatening emails
Email is a useful tool for technology savvy criminals thanks to the relative anonymity
offered by it. It becomes fairly easy for anyone with even a basic knowledge of
computers to become a blackmailer by threatening someone via e-mail.
5. Defamatory emails
6. Email Frauds
Email spoofing is very often used to commit financial crimes. It becomes a simple thing
not just to assume someone elses identity but also to hide ones own. The person
committing the crime understands that there is very little chance of his actually being
identified.
Ministers from the eight major industrialized nations, the G8, have agreed on a plan to
fight international computer crime.
The move follows a meeting in Washington of the interior and justice ministers of
Britain, Canada, France, Germany, Italy, Japan, Russia and the United States.
"With emerging technologies, no longer will we have to fight 21st century crimes with
19th century tools," she said. "Today is an important day in fighting computer crime, and
in laying the groundwork for the next century of crime fighting."
14
The agreement aims to tackle the following forms of cyber crime:
pedophilia
drug-trafficking
money-laundering
electronic fraud such as theft of credit card numbers, money-laundering and
computerized piracy
industrial and state espionage
The most important measure to tackle these offences is a commitment to train law
enforcement officials in the tools of the cyber trade, and to co-ordinate prosecution
efforts so that countries know where to try a cyber criminal.
Ministers also pledged to create a 24-hour-a-day contact service to help national police
forces respond quickly and in a concerted manner to fast-moving cyber-criminals.
Other measures in the ten-point action plan include judicial co-operation and agreements
on extradition, hastening the progress of mutual agreements, speeding up communication,
provision of standards for secure telecommunications and developing forensic standards
for retrieving electronic data .
In India the following types of cyber crimes exist and are increasing at a rapid pace
namely: financial crimes, sale of illegal articles, pornography, online gambling,
intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking.
The computer may however be target for unlawful acts in the following cases-
unauthorized access to computer/ computer system/ computer networks, theft of
information contained in the electronic form, e-mail bombing, data didling, salami
15
attacks, logic bombs, Trojan attacks, internet time thefts, web jacking, theft of computer
system, physically damaging the computer system.
1. Financial crimes
2. Cyber pornography
3. Sale of illegal articles
4. Online gambling
5. Intellectual Property crimes
6. Email spoofing
7. Cyber stalking
8. Forgery
9. Unauthorized Access to computer systems\networks
10. Theft of information contained in electronic form
11. Virus\ Worm Attacks
12. Logic Bombs
13. Trojan Attacks
14. Internet Time theft
15. Password Cracking
16. Buffer Overflow
The Internet is not widespread in Pakistan and is moving at a slow and irregular pace,
said the French Reporters sans frontires (Reporters Without Borders) organisation in its
second annual report (2003) on cyberspace titled The Internet under Surveillance:
Obstacles to the free flow of information online.The RSF is a Paris-based watchdog that
defends imprisoned journalists and press freedom throughout the world, and protects the
publics right to be informed in accordance with Article 19 of the Universal Declaration
of Human Rights.
The report says the Internet is the bane of all dictatorial regimes, but even in democracies
such as the United States, Britain and France, new anti-terrorism laws have tightened
government control of it and undermined the principle of protecting journalistic sources.
The report is about attitudes towards the Internet by the powerful in 60 countries,
between spring 2001 and spring 2003. The preface is by Vinton G Cerf, often called the
father of the Internet.
16
The number of Internet users in China, the report says, doubles every six months and the
number of Chinese websites doubles every year. But this dizzying expansion of
cyberspace is matched by government efforts to control, censor and repress it with harsh
laws, jailing cyber-dissidents, blocking access to websites, spying on discussion forums
and shutting down cyber cafs.
Regarding Pakistan, the reports said, there are around 500,000 using the services of
privately owned ISPs. The Internet is not yet widespread and is still mainly accessed
through cyber cafs. It does not seem to be heavily censored. But the Daniel Pearl
kidnapping and murder case showed how extremists could use it. The military regime has
made every effort to block access to a US-based investigative journalism website.
With only a half a million Internet users, Pakistan is quite behind in new information
technology. This is mainly because of the countrys large size and low level of economic
development, including only a few million private phone lines, mostly in big cities.
General Pervez Musharrafs government appears to favour its growth, even though on the
day he seized power, 12 October 1999, the army cut off all Internet connections for
several hours, and in July 2002, the Pakistan Telecommunications Authority (PTA) tried
to force cyber cafs owners to record the names of their customers.
The report says, Gen Musharraf says his government has invested more than 100 million
euros in communications and sharply reduced the cost of connections and services since
1999. Pakistan has since launched a programme to boost digital technology, the
information technology with an efficient telecom policy.Slow and difficult development:
The new policy has led the government to cut Internet connection costs and invest in
telecommunications infrastructure, while putting the Internet under the direct supervision
of the PTA. The states monopoly in the sector ended in December 2001 but big Internet
operators such as AOL are reluctant to invest in a country where scant profits are to be
made. For the time being, Pakistanis are enthusiastically using cyber cafs, which are
everywhere in the cities. In Peshawar, a new one opens nearly every day.
The Pakistan Telecommunication Company (PTCL) announced on April 2, 2003 that 400
new sites with indecent content had been added to an earlier list of 100 banned
websites and asked Internet operators to block access to them. ISPs said the move would
slow down Internet access. A senior PTCL official, Zahir Khan, said on April 6, 2003,
that access to nearly 1,800 pornographic sites had been banned and that the PTCL was
thinking of importing software to make it easier to do. Also targeted were anti- Islamic
and blasphemous sites. The PTCL admitted the blocking would temporarily slow down
Internet navigation but said it was necessary because of what it called the great threat to
society from such sites. Mairaj-ul-Huda, a leader of the Jamaat-e-Islami party, welcomed
the moves and said the electronic media had to be reformed to bring them in line with the
countrys culture and religion so that young people would not be tempted by such evil.
17
hackers who were making them inaccessible. Information technology minister Awais
Ahmad Khan Leghari said that if the attackers were identified, the government would
take the matter to the relevant international authorities to seek punishment for them. The
previous month, he had said the government was thinking of hiring its own hackers to
fight the Indian attacks.
Electronics and cyber crimes are the yield of high tech-era, which must be dealt with the
same sort of expertise and sophistication, to unearth crimes, fix the responsibilities, and
to make headway. It is Very necessary for persons who are investigating the cases of
Electronics and cyber crimes that they should know each and every Technicality of the
subject like an expert.
Sindh police chief's order for setting-up the ECU, appears a mere lip-service. Without
cyber cops, cyber judges, cyber advocates, etc one wonders how cyber criminals would
be arrested, and how investigations would be conducted to nab the accused persons. It
has yet to be decided who would conduct hearing of cyber crime cases and who would be
competent to decide them, or whether the person implicated is indeed involved in the
crime or not.
Reports indicate that in the history of Pakistan, there had been only three cases of cyber
crime reported so far. two of these cases were investigated by the defunct Crimes Branch
of Sindh Police, and the third one was a very high profile case, in which a US journalist
Daniel Pearl was reportedly kidnapped and later assassinated by unknown persons. Later,
some accused persons including a British national were arrested in this case as their
involvement was detected
Although the case of the US journalist Daniel Pearl was decided by the learned court, the
persons who had been implicated in the crime earlier by the police through cyber means,
were the same who were sentenced by the court.
If any investigator were to look deeply into these cases he would see on technical
grounds that the evidences gathered by the police investigators in the Daniel Pearl case
were not sufficient enough to fix the responsibilities on the accused persons.
18
Technical evidences must be examined in the light of Articles 6 and 7 of the Evidence
Act, under which condition a question would be raised whether the evidences presented
before the court in the Daniel Pearl case were justified or not. It might be the government
policy, but it remains a fact that gathering and presentation and acceptance of evidences
were not smooth and transparent.
Clearly, the police officials who investigated the crime were not bearing any expertise to
deal with cyber crimes at all. Whatever the learned court had decided is acceptable to all
but one question remains very pertinent about the validity of the investigation itself
which had been carried out without properly-trained officials, who were certainly not
cyber cops in this case. Moreover, the court which examined the case was not presided by
a cyber judge, which was
It should be recalled here that so far no legislation had been enacted in the country to deal
with cases of cyber crimes. It is also worth mentioning here that few multinational banks
operating in Pakistan had offered their services time and again to the high police officials
for training and provision of the equipment required to deal with the cyber crimes. More
than half a dozen meetings in this
Connections were held with the former IGP Aftab Nabi, but they yielded no result.
Sources close to fraud control units of the different multinational banks disclosed that
they had also approached the IGP Syed Kamal Shah, but to no avail. Now, the orders for
establishing the ECU were given in writing by none other than the IGP Sindh himself to
his subordinates who are undergoing the course of proper formalities, but their
implementation has yet to materialise.
19
4.3 Pakistan sets up cyber crime wing
"The importance of this special wing was felt when Daniel Pearl was kidnapped, and his
captors started sending e-mails to newspapers," he said.
The Wall Street Journal correspondent disappeared on January 23, 2002 from Pakistan's
southern city of Karachi.
On January 27, 2002, the Journal and other media received an e-mail from a group
calling itself the National Movement for the Restoration of Pakistani Sovereignty. The e-
mail contained a photo of Pearl, 38, with a gun to his head.
The FBI traced the e-mails, and police captured those who allegedly sent them to the
newspapers, but, on February 21, 2002, the U.S. Embassy received a videotape showing
Pearl was dead.
"The National Response Center for Cyber Crimes will play a key role in the days to come
in tracing those terrorists who often use the Internet or prepaid telephone cards to
communicate messages to their associates for carrying out acts of terrorism and other
purposes," Ahmad said.
The special wing has been established at the headquarters of an intelligence agency in
Islamabad, Pakistan's capital.
20
Literature Survey
The short reviews to the literature we have gone through are given below:
Article no.1
http://en.wikipedia.org/wiki/Cybercrime
An international legal definition is cybercrime that is used by most of the countries in Europe and
North America as well as South Africa and Japan was agree in the Convention on Cybercrime
that entered into force on 1 July 2004.
Although the term cybercrime is usually restricted to describing criminal activity in which the
computer or network is an essential part of the crime, this term is also used to include traditional
crimes in which computers or networks are used to enable the illicit activity.
Examples of cybercrime which the computer or network is a tool of the criminal activity include
spamming and criminal copyright crimes, particularly those facilitated through peer-to-peer
networks.
Examples of cybercrime in which the computer or network is a target of criminal activity include
unauthorized access (i.e, defeating access controls), malicious code, and denial-of-service attacks.
Examples of cybercrime in which the computer or network is a place of criminal activity include
theft of service (in particular, telecom fraud) and certain financial frauds.
Finally, examples of traditional crimes facilitated through the use of computers or networks
include Nigerian 419 or other gullibility or social engineering frauds (e.g., hacking "phishing",
identity theft, child pornography, online gambling, securities fraud, etc.). Cyberstalking is an
example of a traditional crime -- harassment -- that has taken a new form when facilitated through
computer networks.
Additionally, certain other information crimes, including trade secret theft and industrial or
economic espionage, are sometimes considered cybercrimes when computers or networks are
involved.
Cybercrime in the context of national security may involve hacktivism (online activity intended
to influence policy), traditional espionage, or information warfare and related activities.
One of the recent researches showed that a new cybercrime is being registered every 10 seconds
in Britain. During 2006 the computer crooks were able to strike 3.24 million times. Some crimes
performed on-line even surpassed their equivalents in real world. In addition, experts believe that
about 90% of cybercrimes stay unreported.
21
According to a study performed by Shirley McGuire, a specialist in psychology of the University
of San Francisco, the majority of teenagers who hack and invade computer systems are doing it
for fun rather than with the aim of causing harm. Shirley McGuire mentioned that quite often
parents cannot understand the motivation of the teenage hackers. She performed an anonymous
experiment, questioning more than 4,800 students in the area of San Diego. Her results were
presented at the American Psychological Association conference:
18% of all youngsters confessed of entering and using the information stored on other personal
computer or website;
13% of all the participants mentioned they performed changes in computer systems or computer
files.
The studies revealed that only 1 out of 10 hackers were interested in causing certain harm or earn
money. Most teenagers performed illegal computer actions of curiosity, to experience excitement.
Many cyber police is getting more complaints about Orkut these days as many fake profiles being
created and thus leads to crime.
Write up # 1
There is the new crime of cracking, invading, or snooping into other people or
organizations computer systems. Opinions differed as to whether merely looking was a
crime, especially since earlier hackers often detected security flaws and felt they were
being upstanding public citizens in reporting them. Clearly entering a system with
criminal intent is another matter.
Then there are situations where the crime is old but the system is new, such as Internet
fraud scams. Marketing fraud has been around for millennia, telephone scams have been
around for decades, and now we have Internet scams. The same is true for pornography
and copyright fraud.
The third element is about investigation, where the computer serves as a repository of
evidence, necessary for successful prosecution of whatever crime is being transacted.
What used to be recorded in paper records is unlikely to be recorded except digitally now,
and can be destroyed or encrypted remotely.
22
Article # 2:
www.wired.com
ISLAMABAD, Pakistan --A Pakistani security agency has launched a special wing to
combat cyber crimes in part because the country had to rely on U.S. investigators to trace
e-mails sent by the kidnappers of American journalist Daniel Pearl a year ago.
"The purpose of establishing the National Response Center for Cyber Crimes is to stop
misuse of the Internet and trace those involved in cyber-related crimes," Iftikhar Ahmad,
spokesman for Pakistan's Interior Ministry, told the Associated Press on Wednesday.
"The importance of this special wing was felt when Daniel Pearl was kidnapped, and his
captors started sending e-mails to newspapers," he said.
The Wall Street Journal correspondent disappeared on Jan. 23, 2002, from Pakistan's
southern city of Karachi.
On Jan. 27, 2002, the Journal and other media received an e-mail from a group calling
itself the National Movement for the Restoration of Pakistani Sovereignty. The e-mail
contained a photo of Pearl, 38, with a gun to his head.
The FBI traced the e-mails, and police captured those who allegedly sent them to the
newspapers, but, on Feb. 21, 2002, the U.S. Embassy received a videotape showing Pearl
was dead.
"The National Response Center for Cyber Crimes will play a key role in the days to come
in tracing those terrorists who often use the Internet or prepaid telephone cards to
communicate messages to their associates for carrying out acts of terrorism and other
purposes," Ahmad said.
The special wing has been established at the headquarters of an intelligence agency in
Islamabad, Pakistan's capital
23
Write up # 5:
The Internet is not yet widespread in Pakistan and is moving at a slow and irregular pace,
said the French Reporters sans frontier organisation in its second annual report (2003) on
cyberspace titled The Internet under Surveillance: Obstacles to the free flow of
information online.The RSF is a Paris-based watchdog that defends imprisoned
journalists and press freedom throughout the world, and protects the publics right to be
informed in accordance with Article 19 of the Universal Declaration of Human Rights.
Regarding Pakistan, there are around 500,000 using the services of privately owned ISPs.
The Internet is not yet widespread and is still mainly accessed through cyber cafs. It
does not seem to be heavily censored. But the Daniel Pearl kidnapping and murder case
showed how extremists could use it. The military regime has made every effort to block
access to a US-based investigative journalism website. Thus forcing the authorities to
establish a cyber crime wing.
24
PROBLEM DEFINITION
Statement of Problem
Lots of the people of Pakistan even dont know exactly what the cyber crime is all about?
Even many of us commit cyber crimes by doing fun at the net and we dont even think of
the punishments because we dont have the knowledge of the cyber laws. We will be
researching on:
THEORETICAL FRAMEWORK
After the preliminary data gathering and the problem statement, the next step is to
examine the critical variables and developing a Theoretical Framework. The critical
variables in our study are:
DEPENDENT VARIABLE:
Cyber Crimes
25
INDEPENDENT VARAIBLES:
1. Greed
2. Power
3. Publicity
4. Revenge
5. Adventure
6. Desire to access forbidden information
7. Destructive mindset
MODERATING VARIABLE:
1. security services
2. awareness
INTERVENING VARIABLES:
Government Policies
Here, our dependent variable is cyber crimes. Since frequency of cyber attacks can vary,
it can be positive, neutral or negative, therefore it is a variable, and because it is our
subject of interest, it is the Dependent variable. The independent variables in our study
are Greed, Power, Publicity, Revenge, Adventure, Desire to access forbidden
information, Destructive mindset. cyber crime (dependent variable) is influenced by all
these independent variables.
There is a positive relationship between these independent variables and the dependent
variable.
26
INDEPENDENT-DEPENDENT VARIABLE RELATIONSHIP
ALONGWITH THE
MODERATING VARIABLE:
Here, security services and the awareness is the moderating variable as it has a strong
contingent effect on the independent variable-dependent variable relationship. The
relationship in any of the independent-dependent variable may change if these factors
change.
HYPOTHESIS DEVELOPMENT
Null Hypothesis:
Alternate Hypothesis:
If the first hypothesis comes true it will verify that though there is positive relationship
between dependent and independent variables due to various government policies cyber
crime is not a threat any more .
27
Else, the second option will show that cyber crime is a threat to everyone as government
and private policies and measure have decreased it but still is a viable factor.
Under scientific research design well take a look at following titles, which gives us the
details of the study.
Types of investigation
Study Setting
Units of Analysis
Sampling Design
Time horizon
Our Study is of hypothesis testing nature .Where are we interested in determining the
nature of certain relationship that is, relationship between our dependent and independent
variable with in the presence of our intervening and moderating variable.
28
TYPES OF INVESIGATION:
Our study is Co-relational study in nature as in this research we are interested in finding
the explanations to different relationships.
While conducting this research our participation in investigation was minimal and the
entire research work was conducted with in normal setting
STUDY SETTING:
We have conducted this research with in non-contrived setting that is neither any variable
was manipulated nor controlled. As our study is co-relational normal settings are chosen
for research work
UNIT OF ANALYSIS:
Our unit of analysis is individuals. We have selected 20 individuals who are IT experts or
IT students from various organizations and institutions.
29
SAMPING DESIGN:
TIME HORIZON:
We have collected the data and have conducted the research at one point in time hence
our research work is cross-sectional in nature.
DATA COLLECTION:
I have collected the data relating to the research work of ours from, preliminary data and
structured interviews.
I have collected the secondary data from websites & have also consulted articles in
different IT related websites and magazines.
30
PRIMARY DATA COLLECTION:
Structured interviews:
I have made a structured interview having the combination of open ended and close
ended questions. This constitutes 10 questions in which 2 are close ended questions while
8 of open ended nature. The list of questions is given on next page.
Interpretation:
This question was basically put forward to understand how Cyber Crime was
precieved by different experts. Even though the term does not change its meaning from
one place to another but the way in which people define it as per the field of study which
they are a part of have a significant effect on the way they define cyber crime. This is
evident the minutes of the interview attached with the report.
But one thing was common all the respondents that they recognized cybercrimes as a
misuse of information technology to achieve on own goals that end up harming the other
party
31
2.1 Yes 10
2.2 No 0
10
10
0 0
YES
NO
INTERPRETATION:
All the respondents no matter from any field of study unanimously agreed
that cyber crime is a threat.
32
Q3. Please identify whether the following forms and means (1) occur frequently, (2)
occur infrequently, or (3) have not occurred, by placing an x as appropriate in the
following table:
0
3.1.1 Occur frequently 6
4
3.1.2 Occur 4
infrequently 6
3.1.3 Has not occurred 0
33
3.2:Hacking:
3.3:Malicious code:
34
3.4: Illegal interception of computer
data:
1
4
5
3.4.1 Occur frequently 4
3.4.2 Occur 5
infrequently
3.4.3 Has not occurred 1
0
4
6
5
3
3.6.1 Occur frequently 5
3.6.2 Occur 3
infrequently 35
3.6.3 Has not occurred 2
3.7: Intentional damage to computer systems or data:
1
3
3.7.1 Occur frequently 3
3.7.2 Occur 6
infrequently 6
3.7.3 Has not occurred 1
B. In addition, to the above, if there are there any other forms and means of
cyber-crime that have occurred (either frequently or infrequently) in your country,
please identify them as well as the frequency with which they occur in the following
table.
Interpretation:
36
The respondents were asked if there are any other forms of cyber crimes which they
know of that wrere not identified in the A part of the questions , they gave the following
answers,
Misuse of pictures
Interpretation:
This question was intended toward what effect cyber crime has on the particular field of
the experts such as in the case of bankers, they face financial crimes through false debits
and credits in computerized accounts. Also identity theft (credit card theft). Or in the case
of software companies whose soft are pirated and sold for much less of their original cost.
Similar is the case of movie and music industry.
Interpretation:
37
Many experts named many significant events some of the most significant event which
were identified are
Y2k Threat
( these events have been defined in detail in the preliminary date gathering stage)
Interpretation:
The respondents were asked that how are they able to counter cyber crime the gave
many suggestions such as we should not disclose any personal information to any one
and especially to strangers. We should use Updated and latest anti-virus software
should be used to protect the computer system against virus attacks. While chatting
on the net one should avoid sending photographs to strangers along with personal
data as it can be misused. Backup volumes of the data should always be kept to
prevent loss from virus contamination. Children should be prevented from accessing
obscene sites by the parents to protect them from spoiling their mind and career. A
credit card number shall never be sent to an unsecured site to prevent fraud or
cheating.
Interpretation:
38
The respondents were asked the reasons because of which more and more people are
intending to commit cyber crime. The response was there are many reasons because
of which people were intended to commit cyber some of the most common reason are
Greed
Power
Publicity
Revenge
Adventure
Desire to access forbidden information
Destructive mindset
Interpretation:
The resopondents that Pakistani security agency has launched a special wing to combat
cyber crimes in part because the country had to rely on U.S. investigators to trace e-mails.
The purpose of establishing the National Response Center for Cyber Crimes is to stop
misuse of the Internet and trace those involved in cyber-related crimes.
9.1 Yes 9
1
9.2 No 1
Yes No 39
Interpretation:
Most respondents believe that still cyber crime is a immanent threat even in the presence
of tough government policies mainly due to the lack to proper implementation.
Q10 Do you want to add any thing to the policies of the government?
Interpretation:
The respondents were asked whether they want to include something in the government
policies which will decrease if not end cyber crimes.they suggested many solutions which
are given at the last part of the report.
DEDUCTION
40
Question No. 2 from the questionnaire were selected to assist in the hypothesis testing.
Null Hypothesis:
Cyber Crime is not a threat
Alternate Hypothesis:
Cyber Crime is a threat
Result:
Since, the calculated value of chi-square is greater then critical value, so we reject the
null hypothesis and hence we accept the alternative hypothesis.
41
Solutions of Cyber Crimes
The Information Technology Act 2000 was passed when the country was facing the
problem of growing cyber crimes. Since the Internet is the medium for huge information
and a large base of communications around the world, it is necessary to take certain
precautions while operating it.
The signs are that criminal abuse of computer networks is an increasing problem.
There is a need for effective substantive and procedural laws coordinated at global, or at
least at European level, to protect the victims of computer-related crime and to bring the
offenders to justice.
From the front lines, the call is for more of everythingmore investigators, more funding
and more attention from lawmakers and upper management. That call may finally be
getting some attention.
While obstacles remain, those involved in the cyber-crime fight say there are growing
reasons for optimism. Law enforcement agencies are sharing information more often and
more widely than ever before. Investigators are more experienced. And, for its part, the
technology industry is working on a variety of products that address some fundamental
issues behind common cyber-crimes.
Evidence that this heightened diligence can turn the tide may be found in the battle
against one of the most widespread and insidious forms of cyber-crime: phishing.
42
Through the clever use of company logos, verbatim text and links to convincing replicas
of corporate Web sites, phishing scammers entice unsuspecting users to give up private
information with appeals bearing titles such as "Problems with your account" and
"Account security measures."
Despite the pilfered graphics, the messages frequently contain obvious spelling and
grammatical errors that can make them more easily identifiable as fakes. However, some
of the messages simply ask recipients to follow an embedded link that takes them to an
exact replica of the victim company's Web site, where they are then prompted to enter
sensitive information. These sorts of attacks are far more difficult to sniff out, especially
given that many of them use authentic-looking URLs.
In March, there were 402 unique new phishing attacks, a 43 percent increase from the
previous month, according to numbers compiled by the Anti-Phishing Working Group,
an industry consortium that tracks phishing activity and comprises financial institutions,
banks and vendors such as Pass Mark Security LLC, of Woodside, Calif., and Science
Applications International Corp., of San Diego.
The schemes are getting more sophisticated with attacks that plant Trojan horses and
backdoors on users' PCs as soon as users open malicious e-mail messages.
"[Phishers] are starting to work with crackers and virus writers. They're sharing code,
using common techniques and taking advantage of vulnerabilities to drop something on
the machines," said Dan Maier, director of product marketing at Tumbleweed
Communications Corp., a provider of secure e-mail solutions based in Redwood City,
Calif., and a member of the Anti-Phishing Working Group. "It's very sophisticated code,"
Maier said.
Acknowledging the problem and taking a lead in the effort to thwart such scams, the
Department of Justice in April issued a five-page report on phishing, warning consumers
and laying out suggested defenses.
The report followed similar efforts from the Office of the Comptroller of the Currency at
the Federal Deposit Insurance Corp., which urged banks to increase monitoring of
phishing-type activities and expand incident-response capabilities to deal with the spike
in online fraud.
Phishing has the attention of the private sector as well. One of the underlying problems
that allow phishing to flourish is that it is hard to determine with any degree of certainty
whether the Web site an unsuspecting victim visits is what it claims to be.
43
By using URL redirectors and other means of deceit, scammers can easily hide the true
address of their malicious site and make it appear as legitimate as eBay.com or
Amazon.com. Identrus LLC, a company that provides identity authentication services to
banks and other financial institutions, is working on a solution to the problem.
Identrus, whose customer base includes most major U.S. banks, plans to issue
"institutional certificates" to its customers and enable those banks to offer client digital
certificates to bank customers later this spring. The institutional certificates will allow the
banks to prove their identities to their customers digitally and the customers to prove their
identities to the banks digitally as well
The primary research concluded certain solutions in order to fight the cyber crimes:
44
CONCLUSION
45
RECOMMENDATION
Any person who operates the net and being exposed to cyber crimes should always abide
by and following principles:
He should not disclose any personal information to any one and especially to
strangers.
Updated and latest anti-virus software should be used to protect the computer
system against virus attacks.
While chatting on the net one should avoid sending photographs to strangers
along with personal data as it can be misused.
Backup volumes of the data should always be kept to prevent loss from virus
contamination.
Children should be prevented from accessing obscene sites by the parents to
protect them from spoiling their mind and career.
A credit card number shall never be sent to an unsecured site to prevent fraud or
cheating.
Effort shall be made to make a security code and program to guard the computer
system from misuse.
Routers and firewalls can be used to protect the computer network.
A check should be kept on the functioning of cyber cafes and any mishappening
shall be reported to the concerned authorities.
Efforts should be made to discourage misuse of computers and access to
unauthorized data.
Strict cyber laws should be formulated and implemented to fight against cyber
criminals.
A guide book of cyber crimes should be made available to common user for the
awareness purpose.
46
REFRENCES
47
V. Golubev, Investigating Computer crime / Monograph - Zaporozhye: University
of Humanities ZIGMU, 2002
T. Tropina, Cyber criminality and terrorism, - http://www.crime-
research.ru/library/Tropina.html.
J. Baturin, A. Zhodzinski, Computer crimes and security - Moscow: Jurid. Lit,
1991, p. 18-34.
48