Thursday, July 10, 2008

Cyber Crime

The rapid growth of the Internet and of computer technology over the past few years has led to the growth of Internet-related crimes throughout the world. These crimes have no boundaries and may affect an individual, his property, an organization or society at large. Many organizations have been losing their customers, time and money due to their vulnerability to hacking,

Cyber crime may be defined in a general way as an unlawful act wherein the computer is either a tool or a target or both. Cyber crimes can be categorized as follows:

- Unauthorized access to computer systems or networks: This covers any person who secures access or attempts to secure access to a protected system.

- Email bombing: This refers to sending a large number of emails to the victim, resulting in the victim’s email account or mail server crashing.

- Data diddling: This kind of attack involves altering the raw data just before it is processed by a computer and then changing it back after the processing is completed.

- Salami attack: This attack is used for the commission of financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed.

- Internet time theft: This connotes the usage by an unauthorized person of the Internet hours paid for by another person.

- Logic bomb: This is an event-dependent program, that is, a program created to do something only when a certain event (known as a trigger event) occurs.

- Virus / worm attack: A virus is a program that attaches itself to a computer or a file and then circulates itself to other files and to other computers on a network. Viruses usually affect the data on a computer, either by altering or deleting it.

Implications for public policy makers

The United Nations, in its International Economic report, suggested that the government in each country has to establish laws that criminalize cyber attacks and enable police to adequately investigate and prosecute such activities. Governments should also set up risk management policies, regularly review security regulations for information and communication technology, and expand training to ensure that their economies have the human resources needed to establish and maintain effective security programs. International technical and policy co-operation between industrialized and developing countries should be encouraged and supported, since all will benefit from better defenses against cyber crime.

The report focuses on the challenges posed for the world’s poorer nations by the accelerating use of the Internet in the conduct of international business and finance. 89% of the enterprises in the European Union countries are connected to the Internet. Far fewer enterprises are connected in the developing countries: for instance, only 5% of firms in Mauritius and 9% in Thailand. In many other developing countries, governments cannot even provide statistics on the topic.

The United States formulated an Act called the “Computer Fraud and Abuse Act” in 1984 to deal specifically with unauthorized use of computers and the alteration and destruction of the records they contain, in both its domestic and its international businesses. This Act prohibits the use of a computer to transmit a program or command which damages a computer system or network or interrupts the use of a cyber system, trafficking in passwords to US government computers, and the use of a computer or the Internet to transmit passwords with the intent to defraud.

The Council of Europe’s Convention on Cyber Crime is a collective response by members of the Council of Europe (45 states) and some non-member states to the challenge of cyber crime. The convention aims to lay down common definitions of certain criminal offenses and to define common types of investigative powers better suited to the information technology environment, so that the relevant criminal procedures are brought into line between countries. It also aims at determining both traditional and new types of international cooperation, to enable cooperating countries to put in place arrangements for the investigation and prosecution of the offenses set forth by the convention, including the use of a network of permanent contacts.

While cyber security technology may vary in sophistication from country to country, countries have to provide effective defenses against cyber crime without eroding individual privacy and other human rights. Government policy makers should exchange experiences and establish international modes of co-operation to help in training police, state prosecutors and the judiciary on cyber crime technology, and they should share experiences on educating the public about data security measures. Finally, governments need to set up methods of co-operation with the private sector, including banks, to combat cyber crime. They can create a legislative framework and set a benchmark for the courts to decide what constitutes a cyber crime and how to control or impose punitive action against those who are involved in such an act.

Implications for International business practitioners

A three-pronged strategy can be adopted by international business practitioners to control cyber crimes. The first prong is to create user awareness and make users know how vulnerable and exposed they are, especially in the wake of the convergence of technologies and the proliferation of the Internet. The second is to deploy an effective technological solution, which many companies treat as the topmost priority, though it is not so. The third is that companies should have a security policy of their own, as technology plays only a small role in the overall security scenario. The IT manager in the company should only deploy the policy. There should be a liberal sharing of forensic technology for achieving standardization of expert efforts. There should also be more cross-country training exchange programmes. Timely alerts should be provided by affected companies to others regarding new forms of crime and new modus operandi.

There are several other recommendations that need to be considered by firms in the high-tech sector. Disruption, denial of service and website defacements will continue to be problems, but exploitation of access to information systems for profit is likely to become more pervasive. The trend towards accessing businesses, highlighting security holes and offering one’s services for a significant fee would reduce the problem to an extent.

Criminal intelligence analysis needs to be integrated fully into business intelligence, risk assessment needs to incorporate criminal threats, and cyber security needs to be conceptualized as part of a broader security problem that cannot be understood or dealt with in strictly technical terms. Defending against such contingencies requires that high-tech firms develop broad security programs that incorporate cyber security into a much broader program. An arrangement in which the security officer is responsible for cyber security as part of a comprehensive mandate is likely to be more effective and appropriate than one in which cyber security is seen as a distinct portfolio separate from other components of security.

For high-tech businesses, it is perhaps even more important to know their partners, especially when they are from another country. Questions need to be asked about their financing, their clients and their associates, as well as the extent to which there are laws against cyber crimes. Thorough background checks are essential prior to allowing any joining of data and communication systems or to bringing in their representatives to work with one’s own employees.

Companies doing business on the Internet, and particularly those offering mechanisms to facilitate financial transactions, need to take steps to identify opportunities for money laundering. Once this is done, they need to introduce safeguards to close loopholes and prevent money laundering.

References:

Phil Williams, CERT Coordination Centre, “Organized crime and cyber crime: implications for business”

UNCTAD press release, 2005, “Developing countries must take steps to fight cyber crime to benefit from boom in e-business”
