- What the cases say about cybercrime.
Cybercrime is a type of crime that criminals use to exploit the convenience, speed and the privacy of the internet in order to execute a wide range of criminal acts that are either physical or virtual and that cause severe harm and pose threat to organizations and victim’s worldwide (Taylor, 2014). It can be noted that, cybercrime has brought about ethical issues such as:
- To gain access to information illegally
This is a form of hacking whereby a person sends instructions that are illegal to a computer or network (White, 2017). The attacker uses different types of software’s such as Metaspliot which is used to penetrate through vulnerable security systems. Such tools are used by attackers to crack into a person’s computer without his/her knowledge from a remote location. This information can be used to gain access to email passwords, credit card numbers and any other sensitive information such as bank account information.
- Issuing threats such as asking for ransom
Cybercrime has also been used by attackers as means of soliciting money from individuals and organizations. Different tools such as the scare ware, screen lockers and encrypting ransom ware. These software’s are used to curtail users from gaining access to computer systems of personal files until demands for the payment of a ransom is met to regain access to these files (Nagunwa, 2014).
- Denial of service
This occurs when attackers can use tools such as the LOIC (Low Orbit Ion Canon) to attack unprotected networks. A DoS attack occurs when an attacker makes a computer system or a server unavailable thereby bringing the service down. This happens when the servers request queue is flooded with fake requests. These type of attack is of two forms in that there is one that floods the service while the other crashes the server (Fung, 2015).
It is therefore clear that cyber-crime targets mostly rich organizations such as banks, hospitals, financial firms and casinos. The reason as to why cyber attackers wants to interfere with these systems is because they always aim to make big money easily. According to (Cerrudo, 2015), the following reasons are as to why systems in these organizations are prone to attacks:
- Complexity – cyber criminals always take the advantage of the complexity of the operating system. The more complex these operating systems are the easier it is for a cyber-criminals to take advantage of.
- Negligence – this is another factor that provides attackers the control and access over computer systems. Activities such as failing to log out from computers, lack of use of antiviruses makes it easy for an attacker have control over the systems. It is therefore advisable for every individual to take control of his/her actions while using these systems in providing a degree of security.
- Limited storage capacity – limited storage is one unique characteristic of computers that makes it easy for attackers steal useful information and use it for their own profit. It is therefore advisable for organizations to have large database systems that are well protected by antiviruses.
- The loss of evidence – loss of evidence is a common and obvious problem which paralyzes the system behind the investigation of cyber-crime. This is because information retrieved after an attack is destroyed so that investigators cannot have a trace of it.
Technology is an important aspect in today’s digital world. Organizations and people are now living in a digital world where they can obtain anything they need easily because of technology. The use of the internet is increasing day by day thus making the world small. Technology have also interconnected people from various geographical regions. Organizations have had tremendous growth as a result of incorporating business processes such as marketing, advertising and human resource. Unfortunately we are prone to serious effects that technology has come with. Cybercrime is one the threat that internet users face on a daily basis. Cybercrime has made many organization paralyze their operations as well as lose their money.
The main issue surrounding cyber-crime is that can it be prevented? And if cyber-crime can be prevented, what are the main ways in which we can tackle the problem of cyber-crime?
Cyber-crime is an issue that can be prevented. First of all, organizations must establish multidimensional public-private collaborations between the IT industry, internet companies, law enforcement agencies, financial institutions and security organizations (Moore, 2014). According to (Peltier, 2016), some of the measures that any individual or organization should protect itself from cyber-crime include:
- The use of strong passwords
- Securing mobile devices from malicious software such as hackers and viruses. The systems should also be kept up-to-date and that the software’s being used are from trusted sources.
- The organizations should also train its employees on how to use systems correctly to prevent any breach of information. They should also come up with systems that monitor activities of employees while using the computer systems.
Ransom ware attack
Wannacry is a type of ransom ware crypto worm attack that its main target was those computers running on Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin crypto currency (Pathak & Nanded, 2016).
Computers at this organization were vulnerable to the attack because their computer systems were not upgraded hence became vulnerable to the attack. Lack of time, resources and ignorance were among the issues that contributed to the attack.
This attack led to a situation where operations and appointments were cancelled e.g. 139 cancer patients had urgent referrals canceled. In addition to that it is not known how many ambulances and individuals were diverted from five accident and emergency departments who were unable to treat some patients.
- The infection on NHS computers led to the cancellation of about 6,912 appointments. Its operations were paralyzed such that the hospital could not treat the patients it had appointment with.
- It should determine if there are any notification requirement
These notifications may be obligated under contractual statutes or requirements depending on industry and jurisdiction of enforcers.
Attack on Telefonica
This is one of the largest Telecom companies in Spain. Wannacry attack hit the company which left many computers at the organization inaccessible. Even though the company’s management sent memos to its employees demanding them to shut down the computers, the main problem is that they had not installed patches that Microsoft had issued so that they can be run in Windows operating systems.
It led to the loss of important information at the organization. It is said that 85% of the computers were affected and its employees were sent home after the attack
It led to the disclosure of important information to the company.
State and federal agencies have improved their attention on whether firms have reasonable cyber security protections in place even where a firm is the victim of a cyber-attack
This is an organization that deals with package delivery. It announced that TNT Express, one of its subsidiary had been hit by the ransom ware attack.
The attack spread to almost 150 countries where it operates. Systems across Asia, Europe and the US had been crippled. Network services were slowed, moreover TNT Express unit operating in Europe lost up to $300 million.
The attack delayed operations of the company. It created unemployment since some workers did not continue with their work.
The attack led to the establishment of the Cyber security Information Sharing Act of 2015 in order to establish new means of security and nurture the sharing of information by the private sector to the government.
Attack on Hitachi
This is a Japanese firm that deals with electronic mails services. It was hit by the ransom ware attack leading to a situation where the staff could not receive or send messages or even have an access to attachments.
The email system of one of the hospitals in Japan was hit.
An online system for Japanese retailers was disrupted. The deliveries of household products such as refrigerators and washing machines were derailed.
The attack led to loss of confidentiality because information in the mails and attachments was disclosed.
It has led organizations apply for cyber insurance. This is because organizations can be given advice on how to cover themselves during attacks.
Github organization, which is web hosting company, was attacked. According to (Bhuyan, 2015), it is said large number of traffic signals were identified in their personal servers. Attackers also flooded Github services as well as injecting malware to their servers to produce unauthorized signals that blocked the network.
Although it survived one of the greatest DDoS attack ever recorded, it experienced outages where the system networks had been held captive. The organization called for help from Akamai Prolexic who wiped out data and malicious packets.
It has led to the escalation of losses which have been not only been annoying but also disastrous to some of the users. It is therefore required that users use preventive measures since the attacks are going to increase
This is a German online gambling site that was recently hit by the attack.
Customers were prevented from accessing the site for 16hours leading to the loss of income
DDOS have led to outages and even making sites slow. It also leads to a situation where authorized users can access services from the servers.
DDOS attacks limit the right of people to access what is lawfully theirs. This leads to the lack of trust between organizations and its customers.
This is a service provider to many websites such as Twitter, PayPal, Amazon, and Netflix among others. Two Mirai botnet attacks were used to manage the DNS infrastructure of the company on one of the attack. In the second attack, the servers were flooded with high volumes of UDP and TCP infected packets.
Devices were hijacked. At first the estimated number of endpoints attacked were 100000-150000 and were as a result of the traffic generated by retry activity as recursive servers attempted to refresh their caches.
It has led to increased number of cyber protesters in the internet
The hacking has made government bodies take action whereby the state has issued laws to counter hacking.
Attack on Aljazeera
The attack targeted the company’s websites, systems and social media platforms. The website had to be shut down temporarily for security reasons.
The integrity of the company was breached thus sensitive information was at the hands of the public. This could have brought riots affecting the security.
The attack led to breach of information. Sensitive information which can lead to unrest has been released the people. For example, back in 2003 a news network published photos of US soldiers imprisoned by the Iraqi forces.
Wannacry, a form of ransom ware, was used by attackers in large organizations to solicit money and also affect systems. This attack used malware, spyware, ransom ware and viruses to infect the systems which influences data and files in the system (Mohurle, 2017). Among those affected are Microsoft operating system where attackers used crypto worm to encrypt data and demand for ransom in form Bitcoin crypto currency. The number of victims and systems affected were 200,000 and 300,000 respectively. Other organizations includes the National Health Service, Nissan and Renault production system.
DDOS is hailed as the most common of cyber-crimes. After the attack Github came up with various strategies and plans and also adopted an advanced security systems such as pattern recognition and biometric recognition systems.
Ransomware is another type of cyber-attack, which is used to issue threats to organizations and individual by an attacker who penetrates through their systems and encrypts all the personal information. The parties involved in these attacks involve huge organizations such as banks, healthcare organizations and other firms such as web hosting companies. Some of the countries involved in these attacks are among US, Europe, India and the UK. To prevent these attacks organizations have opted to use Mimecast, which is a SaaS based subscription. It helps organization centralize by eliminating requirements of managing and deploying several solutions from different vendors.
The botnet attack a type of attack that is executed to steal data, allow access to a device and connection, send spam and conduct a distributed denial-of-service attack. The malware collects information such as the type of servers, IP address and computer devices. It involves the creation of a botnet army which are then sent directly to the target system. They send internet/network based requests in large bulks. The requests can be in form of ping messages or bulk email messages that can slow down the network making it hard for authorized use to access it. Github is one of the organization hit by such attacks
In conclusion, cybercrime has brought about issues that every individual and organization is required to implement before they can use the internet. Security is one of the issues. Organizations must therefore be conscious when such issues arise. Training employees is one of measures as to protect personal information by using complex passwords that are hard to crack. There is also a great importance on how we protect computers at the workplace. System upgrade should be done constantly as well as installing firewalls to protect the network from attacks. The use of antivirus programs is key to keep away viruses that affect the immunity of computers (Yunfei, 2015).
Information should also be backed up to ensure the safety and recovery of data. Due to emerging technologies such as cloud computing, it ensure total safety of important information. In case of any cyber-attacks, information will be easily retrieved thus it won’t affect the daily operations of the organization (Ali, 2015).
Most parties involved in cybercrime are organizations such as the banks, hospitals, webhosting companies, rich individuals and other large firms
Which countries are involved?
Countries most hit by issues to do with cyber-crime include the US, India, the UK and Britain.
What is being done to resolve cyber-crime?
Companies such as Github have hired security companies such as the Akamai Prolexic community to help them with the issue of cyber-attacks.
Mimecast has also been used to secure and manage organization emails.
What authorities are doing to deal with cyber-crime?
Authorities such as the INTERPOL is committed to eradicate cybercrime as well as handling crimes that are cyber-enabled. It main initiatives are, cyber intelligence and analysis, innovation and research, digital forensics, national cyber reviews to mention a few. It also offers modern training techniques and the development of innovative new policing tools.
Recommendations and solution
It is of great importance for organizations to protect themselves from attacks that may violate their privacy. They should make sure they have the right personnel and resources to protect themselves from any kind of attacks. The use of devices such as firewall, software’s like updated antiviruses from trusted sources are the very key resources that an organization can use to offer protection. Employees should also be trained and monitored on how they use computer systems at the workplace. They should also report on any kind of interference so that the necessary actions against attack can be put into practice.
Ali, M., Khan, S. U., & Vasilakos, A. V. (2015). Security in cloud computing: Opportunities and challenges. Information sciences, 305, 357-383.
Cerrudo, C. (2015). An emerging US (and world) threat: Cities wide open to cyber attacks. Securing Smart Cities.
Fung, C. J., & McCormick, B. (2015, November). VGuard: A distributed denial of service attack mitigation method using network function virtualization. In 2015 11th International Conference on Network and Service Management (CNSM) (pp. 64-70). IEEE.
Mohurle, S., & Patil, M. (2017). A brief study of wannacry threat: Ransomware attack 2017.
International Journal of Advanced Research in Computer Science, 8(5), 1938-1940.
Nagunwa, T. (2014). Behind identity theft and fraud in cyberspace: the current landscape of
phishing vectors. International Journal of Cyber-Security and Digital Forensics (IJCSDF), 3(1), 72-83
Pathak, P. B., & Nanded, Y. M. (2016). A dangerous trend of cybercrime: ransomware growing
challenge. International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume, 5.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. Auerbach Publications.
Taylor, R. W., Fritsch, E. J., & Liederbach, J. (2014). Digital crime and digital terrorism. Prentice Hall Press.
White, G. B., Fisch, E. A., & Pooch, U. W. (2017). Computer system and network security. CRC press.
Yunfei, L., Yuanbao, C., Xuan, W., Xuan, L., & Qi, Z. (2015, August). A Framework of Cyber
Security Protection for Warship Systems. In Intelligent Systems Design and Engineering Applications (ISDEA), 2015 Sixth International Conference on (pp. 17-20). IEEE.