Cyber Crimes


CYBER CRIME & HACKING

ABSTRACT

This paper explores the fast-growing Cyberworld and its components. It starts with definitions of who the hacker is and what a cybercrime is. Types and offenses of cybercrime are addressed as well. The paper concentrates on the possibilities to protect ourselves from cybercrime, and to guard the Cyberworld from us. Therefore, it emphasizes the importance of users' education, starting from an early age, the creation and enforcement of policies, and awareness training. The paper presents laws applicable to computer-related crime.

INTRODUCTION

Cybercrime is any use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy. Cybercrime, especially through the Internet, has grown in importance as the computer has become central to commerce, entertainment, and government. The international nature of cybercrimes has led to international cyberlaws. The following is a selection of items associated with "cybercrime":

Malware

Trojan horse

Phishing

Spyware

Hacking

Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code.

The facts about cybercrimes:

Cybercrime has now surpassed illegal drug trafficking as a criminal moneymaker;

Somebody's identity is stolen every 3 seconds as a result of cybercrime;

Without a sophisticated security package, your unprotected PC can become infected within four minutes of connecting to the Internet.

We can categorize cyber crimes in two ways:

The computer as a target: using a computer to attack other computers, e.g. hacking, virus/worm attacks, DoS attacks etc.

The computer as a weapon: using a computer to commit real-world crimes, e.g. cyber terrorism, IPR violations, credit card frauds, EFT frauds, pornography etc.

TECHNICAL ASPECTS

Technological advancements have created new possibilities for criminal activity, in particular the criminal misuse of information technologies such as:

1. Unauthorized access & Hacking: Access means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network. Unauthorized access would therefore mean any kind of access without the permission of either the rightful owner or the person in charge of a computer, computer system or computer network. Every act committed towards breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destroy, and they get a kick out of such destruction. Some hackers hack for personal monetary gain, such as stealing credit card information or transferring money from various bank accounts to their own account, followed by withdrawal of the money. Taking control of another person's website by hacking its web server is called web hijacking.

2. Trojan Attack: Programs that act like something useful but do things that are quite damaging are called Trojans. The name Trojan Horse is popular. Trojans come in two parts, a Client part and a Server part. When the victim (unknowingly) runs the Server on their machine, the attacker then uses the Client to connect to the Server and start using the Trojan. An example would be where the victim unknowingly downloads a Trojan horse virus, which installs a keystroke logger on his or her machine. The keystroke logger allows the hacker to steal private data such as internet banking and email passwords. Another common form of this cybercrime is phishing. This is where the victim receives a supposedly legitimate email (quite often claiming to be from a bank or credit card company) with a link that leads to a hostile website. Once the link is clicked, the PC can then be infected with a virus.

3. Virus and Worm attack: A program that has the capability to infect other programs, make copies of itself and spread into other programs is called a virus. Programs that multiply like viruses but spread from computer to computer are called worms.

4. Malware: Malware, short for malicious software, is software designed to infiltrate a computer system without the owner's informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code. The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, including true viruses. Software is considered malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software. Malware is not the same as defective software, that is, software that has a legitimate purpose but contains harmful bugs. Malware's most common pathway from criminals to users is through the Internet: primarily by e-mail and the World Wide Web.

HACKING

In the broadest terms, hacking is just a slang expression for people who try to figure stuff out. For example, your microwave breaks down, so you buy a new one, but instead of throwing the old one out, you take it apart and look at the parts for interest's sake to see if you can understand how it worked. In computer terms, hacking can be used in a mild sense to describe simply looking for ways to see things like hidden code on a page, or in a strong sense to mean a series of specific actions done to allow someone to access a password-protected situation. While breaching privacy to detect cybercrime works well when the crimes involve the theft and misuse of information like credit card numbers and personal data.

THREATS OF HACKING

Most emails on the Internet are sent in plaintext form and hence can easily be recorded and spied on with the help of a sniffer. This not only puts personal conversations at risk; even sensitive business deals can be compromised with the help of sniffer tools. It's very easy for an attacker to send out abusive e-mails to the victim and remain completely anonymous at the same time.

Another common problem with e-mail clients is that while a user is being authenticated, the username and password pair is sent in plaintext to the mail server. This makes it very easy for an attacker to use a sniffer to sniff the password of a victim and carry out malicious activities. Attackers commonly use e-mail to carry out social engineering attacks, both human-based and computer-based. Spam has become an extremely big problem for all e-mail users. A recent report revealed that spam accounted for more than 70% of all e-mail on the internet. Spam e-mails not only clutter up your inbox, but also lead to a waste of time and resources in the storing and reading of useless information.
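The plaintext-login exposure described above can be checked from the defender's side by reading what a mail server advertises before any TLS upgrade. The following is an added example, not part of the original paper: it assumes the capability responses (SMTP EHLO, IMAP CAPABILITY, POP3 CAPA) were collected on the cleartext ports of your own servers; the function names, host name and sample responses are constructed for illustration.

```python
import re

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # SASL mechanisms that transmit the password itself
# Constructed capability responses, as seen on the cleartext port before any TLS upgrade.
SAMPLES = {
    "smtp-weak": ("smtp", "250-mail.example.test\r\n250-AUTH PLAIN LOGIN\r\n250 SIZE 10240000\r\n"),
    "smtp-ok":   ("smtp", "250-mail.example.test\r\n250-STARTTLS\r\n250 SIZE 10240000\r\n"),
    "imap-weak": ("imap", "* CAPABILITY IMAP4rev1 AUTH=PLAIN\r\nA1 OK done\r\n"),
    "imap-ok":   ("imap", "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\nA1 OK done\r\n"),
    "pop3-weak": ("pop3", "+OK\r\nUSER\r\nSASL PLAIN LOGIN\r\n.\r\n"),
    "pop3-ok":   ("pop3", "+OK\r\nSTLS\r\n.\r\n"),
}

def capabilities(proto, response):
    """Split a capability response into upper-cased word lists, one per capability."""
    caps = []
    for line in response.upper().splitlines():
        if proto == "smtp" and re.match(r"250[- ]", line):
            caps.append(line[4:].split())          # drop the "250-" / "250 " prefix
        elif proto == "imap" and line.startswith("* CAPABILITY "):
            caps.extend([word] for word in line.split()[2:])
        elif proto == "pop3" and line and line != "." and not line.startswith("+OK"):
            caps.append(line.split())
    return [c for c in caps if c]

def audit(proto, response):
    """Return findings that mean a password could cross the wire unencrypted."""
    caps = capabilities(proto, response)
    names = {c[0] for c in caps}
    findings = []
    upgrade = "STLS" if proto == "pop3" else "STARTTLS"
    if upgrade not in names:
        findings.append(f"no {upgrade} offered, session cannot be upgraded to TLS")
    if proto == "imap":
        mechs = {c[0][5:] for c in caps if c[0].startswith("AUTH=")}
        if "LOGINDISABLED" not in names:
            findings.append("LOGIN command accepted before TLS (LOGINDISABLED missing)")
    else:  # SMTP lists mechanisms after AUTH, POP3 after SASL
        key = "AUTH" if proto == "smtp" else "SASL"
        mechs = {m for c in caps if c[0] == key for m in c[1:]}
        if proto == "pop3" and "USER" in names:
            findings.append("USER/PASS login accepted before TLS")
    weak = sorted(mechs & PLAINTEXT_MECHS)
    if weak:
        findings.append("plaintext SASL mechanisms before TLS: " + ", ".join(weak))
    return findings

for name, (proto, response) in SAMPLES.items():
    print(name, audit(proto, response) or "ok")
```

An empty result means the server only accepts credentials after the session has been upgraded to TLS; servers reached over implicit-TLS ports are outside what this check covers.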

NEED FOR ETHICAL HACKING

Because of the threat and insecurity they create, illegal hackers need to be stopped. So a new concept of ethical hacking has been introduced. Ethical hacking works as a security agency which provides security according to the needs. Ethical hacking is a legal hacking process to prevent cyber crime. To catch a thief, think like a thief. That's the basis for ethical hacking. The law of averages works against security. With the increased numbers and expanding knowledge of hackers, combined with the growing number of system vulnerabilities and other unknowns, the time will come when all computer systems are hacked or compromised in some way. Protecting your systems from the bad guys, and not just the generic vulnerabilities that everyone knows about, is absolutely critical.

ETHICAL HACKING

Ethical hacking, also known as penetration testing or white-hat hacking, involves the same tools, tricks, and techniques that hackers use, but with one major difference: ethical hacking is legal. Ethical hacking is performed with the target's permission. The intent of ethical hacking is to discover vulnerabilities from a hacker's viewpoint so systems can be better secured. It's part of an overall information risk management program that allows for ongoing security improvements. Ethical hacking can also ensure that vendors' claims about the security of their products are legitimate.

Hacking preys on weak security practices and undisclosed vulnerabilities. Firewalls, encryption, and virtual private networks (VPNs) can create a false feeling of safety. These security systems often focus on high-level vulnerabilities, such as viruses and traffic through a firewall, without affecting how hackers work. Attacking your own systems to discover vulnerabilities is a step to making them more secure. This is the only proven method of greatly hardening your systems from attack. If you don't identify weaknesses, it's a matter of time before the vulnerabilities are exploited. As hackers expand their knowledge, so should you. You must think like them to protect your systems from them. You, as the ethical hacker, must know the activities hackers carry out and how to stop their efforts. You should know what to look for and how to use that information to thwart hackers' efforts. You don't have to protect your systems from everything. You can't. The only protection against everything is to unplug your computer systems and lock them away so no one can touch them, not even you. That's not the best approach to information security. What's important is to protect your systems from known vulnerabilities and common hacker attacks. It's impossible to buttress all possible vulnerabilities on all your systems. You can't plan for all possible attacks, especially the ones that are currently unknown. However, the more combinations you try, and the more you test whole systems instead of individual units, the better your chances of discovering vulnerabilities that affect everything as a whole. Don't take ethical hacking too far, though. It makes little sense to harden your systems from unlikely attacks. For instance, if you don't have a lot of foot traffic in your office and no internal Web server running, you may not have as much to worry about as an Internet hosting provider would have. However, don't forget about insider threats from malicious employees!

CONCLUSION

Hacking can be used in either of two ways: it can be put to good use to help the government for the betterment of the people, or it can be a major crime which can create a disaster. So it is our responsibility to use the concept of hacking for the betterment of society. For this, the ethical hacking concept has been introduced so that white hat hackers can create a lot of advancements in the security system of a country.
