18 October 2006

Cyber criminal versus cyber citizen

ANYONE can enter the cyber world without having to indulge in personal identification. The ability to navigate the entire web without having to reveal one's true identity encourages covert activities where a netizen (a cyber citizen) turns a criminal.

Illicit conversations in chat rooms, flaming wars through e-mails and exchange of indecent material and photographs through websites, all happen due to the advantage of this anonymity. Such anonymity protects an individual's privacy in a way but might be a threat to security. Cyber criminals clearly disturb this fine balance between privacy and security.

Every violation of computer and data security involves a cyber crime. But every cyber crime need not be involving a security breach. A computer can be used as a tool to commit a crime. For example a computer can create an illegal copy of copyrighted material say a software programe or music. Technology is a tool to this crime and hence qualified as electronic crime.
Many criminals use the Internet's e-mail and chat forums to abuse others in the electronic world. It is also possible to stalk people online and in the worse their identity could be stolen and misused. Criminals use cyber technology to indulge in illegal drug traffic, money laundering and illegal gambling. The above activities are performed using technology but do not require violating security mechanisms.

So while securing computers is an important measure in combating cyber crime, it alone is not sufficed. Strict laws concerning electronic transactions and misuse of electronic communication channels needs to be put in place. Some advanced countries have enacted e-legislation in this direction and are able to levy penalties and enforce criminal charges against cyber criminals.
The arrest of a man last week, being accused of using stolen credit cards to buy furniture is a small but the right step in the right direction to fight identity theft and computer crime.

According to Identity Theft Survey Report by the Federal Trade Commission of the US in 2003, 9.9 million people became victims of identity theft in that year alone while the average loss to businesses per victim was $4,800, and the loss to businesses amounted to $47.6 billion.
These numbers are only indicative of the financial gain that hackers or cyber thieves get. No more are they just thrilled about breaking security mechanism to take pride their intellectual capabilities. They are more serious, making cyber crime a lucrative business — a risk worth taking considering the returns.

No longer can we relax at the benefit of connecting online and accessing the archive of information. It is mandatory to put the required anti-virus software in place and keep updating the signatures regularly. Installing software patches, is no longer optional but a critical crime shield. No longer can an IT manager connect his office computers and claim the relief of having a LAN (Local Area Network). He needs to secure the data held within his network from intrusion with appropriate tools and technology.

Policies for acceptable and restricted usage must be established and strictly followed in practice. It is interesting to note that new words are being added to the dictionary like 'cyberterrorism' and 'hacktivism' due to the strong impact they have made. Cyber attacks seem to indicate a new form of civil disobedience activism that completely disregards social ethics. Hackers have formed worldwide communities in order to launch attacks of greater magnitude with better undercover.

In 1990 when the US telecommunication giant AT&T's services were disrupted for several hours, the officials responsible reasoned it due a software malfunction. However many are of the opinion that it could have been a notorious cyber attack launched on US infrastructure.
Subsequently the emphasis on protection of national critical infrastructure became so high that in 2002 a separate bill was passed by the US senate to protect computer networks from cyberterrorism. A technology novelist creatively coined the term, 'electronic Pearl Harbor', in 1991 to refer to such cyber attacks.

Quoting John Gilligan, the US-Air Force CIO, 'about 80 per cent of successful penetrations of federal computer systems can be attributed to software full of bugs, trapdoors, and "Easter eggs" — programming errors and quirks inserted into the code that could leave software vulnerable to hackers. It is time to develop secure programming as part of taking enterprise wide security measures to secure systems from cyber criminals.

09 October 2006

Cyber Crime — age no bar

Cyber Crime — age no bar;place no bar; technology will do

Reports on criminal activities involving technology are now creeping in to top news in the media. More and more people are aware of identity scams, phishing mails and credit card data thefts. But even some modern online business concepts, tools and programs were not identified to be of criminal nature when they first showed up their presence.

According to Computer Crime Research Centre news, among people caught as cyber criminals, the youngest was a 14-year-old middle school student while the oldest is a sexagenarian man arrested for illegally accessing his former company's data system. So when it comes to cyber crime age seems no bar. Just last month a 17-year-old boy stole personal details of one of his teachers from an online networking community site called myspace.com. He used this information to impersonate his teacher and send inappropriate messages to other students through the same site. He was arrested on suspicion and the case is still going on.

Consider three incidents, each being a different criminal activity involving technology, all qualifying to be named as cyber crimes. Music rocks the world beyond borders, but the modern MP3 (MPEG-Motion Pictures Experts Group-layer 3) format became a phenomenon for easy and free music sharing. A high school student named Shawn Fanning, started Napster.com in May 1999, built on a program that enabled peer-to-peer file sharing through the Internet.

Music 'free ride' began gaining momentum, while the artistes and recording companies reacted with a legal suit. After a court order to protect Intellectual Property Right through copyright system, napster was shutdown to the disappointment of 80 million registered users. Still it paved the way for a new range of file-sharing services conceptualised by KaZaa, BearShare, Shareaza, Ares, Limewire, Morpheus etc. While Amazon, eBay, yahoo CNN and many other online entities were steadily building e-commerce systems and operating as successful business models, there came a stern warning from criminals in February 2000.

A series of cyber attacks called 'denial of service' launched on these websites overloaded their systems and choked their online communications. Legitimate users couldn't get access to their services from any of these sites for a brief period of time. Apart from loss of business, a serious blemish stained public trust in online commerce activities.Infection of computer virus spread like instant infection with the 'I Love You' computer virus in May 2000. Computing machines across the continents were infected and paralysed, crippling vital information and communication systems.

According to a research firm over 45 million computers around the world were affected by various strains of this virus, with financial damage being estimated to be over $10 billion. Way back in 1981, the first virus attacking Apple computer Elk Cloner harmlessly displayed the message "It will get on all your disks; It will infiltrate your chips. Yes it's Cloner" and spread through floppy disks. They have progressed far since then, in their range, reach, motive and proficiency.

During the 1970s and 1980s disgruntled employees were known to tamper data archives and sabotage computer systems for vendetta. Later on, brilliant programmers created virus that hampered other systems for mere fun while malicious programmers accessed restricted systems to exhibit their intellectual capabilities.

Modern crimes have become more sophisticated and well organised as there is alluring opportunities to make money fraudulently. While only few of these crimes reach the media many go unreported. Electronic crime most often creates loss of data, transaction or business. But most often it diminishes public trust and the business looses its credibility as the criminal attacks expose the vulnerability of their systems. All goodwill that is built over the years may be lost in no matter of time. Next week let us get to know more about cyber criminals.

23 September 2006

Technology a double-edged knife

ALMOST 25 years after the commercial success of the PC we now almost consider it indispensable in our every day life. Although it is still a luxury item to a section of the society, it is only a matter of time before they will be exposed and engulfed by this little device through common shared access system. The power of information and communication technology can be accessed even through the telephones which are often considered more affordable to most people.

We have witnessed that technology such as the computers have grown much beyond their initial computing functions. Robotic surgery, electronic match-making, remote-sensing weather forecasts are reality of modern times. Social life is sustained and nourished through electronic devices and channels.

Businesses are considering information processing a necessity. Governments are aiming to meaningful information exchange with citizen for providing public services electronically. Finance industry is showing interest in creating electronic cash and asset related documents and has established secure and widely-covered networks.

True to the nature's law that nothing can be perfect, technology has its negative aspects as well. It has opened up affordable and accessible opportunities to anti-socials and criminals to thrive in the cyber world. Technologies are providing new avenues for crimes both traditional and non-traditional. Traditional crimes such as theft, stalking and money laundering are being done electronically though non-traditional means. Novel crimes such as cybersqatting, phishing and spamming are plaguing the cyber world.

Cyber space is the word commonly used to mean a range of digital avenues such as the Internet, Electronic Bulleting Boards, online services used for exchanging information through electronic network and other digital communication systems. Millions of people have connected their Personal Computers to the Internet. By this they have exposed their sensitive data to millions of others including the cyber criminals.

Internet-based scams and other abuses are exploiting the Internet's unique power to connect us to millions of people all over the world. Businesses worldwide have created internal computer networks to organise and share business information among their employees. Such systems also connect with their customers and collaborate with their partners. Data that needs to be shared between them needs to travel through secure channels. Only those with authority need to have access to data and not simply everyone on the connected network.

The network of people in the digital world is ever increasing, making every single participant more vulnerable. In exchange for the comfort of banking or trading online, one has to risk their identity and privacy. No longer can we remain blissfully ignorant about technology. We are forced to learn to protect our privacy and protect our assets digitised for the digital world. Our home computers can be hacked. Emails accounts can be trespassed and we may even look like spammers when our address book is misused. Our children are more vulnerable to the cyber criminals and they may be caught unaware while surfing online or chatting though message centres.

It is high time that we had some homebound policing in addition to Internet Service Level regulation. With due responsibility on the part of an intermediary service provider, a cohesive self-regulation must take place with industry standards, policies and codes of conduct. An authoritative supervision must hold regime over the application of such standards and procedures.

Due to the inherent nature of the Internet no single regulation can bind the entire global operations. National regulations can be enforced only within national boundaries. This in legal terms is called as 'jurisdiction'; an area within which a law can be enforced. Digital Oman will take you through an enlightening journey of cyber crimes. It shall be both informative as well as entertaining with real world legal cases. Let us get to know the spammers and spoofers with all their motives.

It's time to learn cyber combat techniques to break the cyber invasion of our privacy with Digital Oman.

BC — ‘Before Computers’; AD — ‘After Digital’

HAVE we ever thought about life before the advent of computers? As perceived by a sceptic, BC now shall mean Before Computers while AD means After Digital. Families that gathered around fire in the BCs are now sitting before digital entertainment devices.

Friends and family are just an e-mail or chat-session away in AD. Books are being typed, downloaded and read electronically unlike with scrolls and ink in the BCs.No longer do we pay money for shopping in the ADs; we simply swipe electronic cards. Meeting people is easier than in the BCs; no need to travel; just click the buttons and Voila! Our voice and images reach beyond borders instantly.

Technology has touched social, economical dimensions with the intangibility of the digital products. Not just our wealth or our knowledge, even our identity is commoditised in the electronic era. Money, music, movie, books, shares, photographs are all digitised. E-Books, e-mails, e-readers, e-cash, e-tickets are all part and parcel of normal life in the ADs.

Over one billion people can access the Internet according to a study in 2006 and it is also predicted that the number will continue to rise faster in countries other than the US where the penetration is about 70 per cent. We have been caught unaware by a revolution more subtle than industrial revolution that gave us the modern machines.

It is a revolution that is constantly making a stronger impact through information and communication technologies. Each day a new software or a device or a technology arrives making our lives easier, faster, more functional, more efficient and even more fun. We belong to the GenY (GenerationY) community which has embarked the information highway named so by the former US vice-president Al Gore.

People shop, talk, mail, see, hear, write, vote, consume and even relax with the aid of novel information technologies. This is the 'Information Society', a product of the information era, where the supply of information and their electronic exchange supports both our social and economic lives. It is of common impression that all such technologies are just in their nascent stages.

There is anticipation for more sophistication in the technologies that are in use today. How many of us are we really ready for more? The information society is expanding beyond our homes, offices and national boundaries spanning the globe. Entertainment within the home is competing for our attention with new and new devices everyday.Work at office is seldom complete without searching electronic archives or instant electronic transmission.

Most of us recollect the panic we feel when we forget the PIN number of our bank ATM card. Some of us even recollect rushing to call the bank to stop all payments after finding the ATM card missing. Loosing the passport and being stranded in a foreign land, is a truly a night mare situation. So in total our normal life can come to a grinding halt if we are not identified through information processing systems that require electronic identity documents.We have reached a stage where our activities come to a stand still in the absence of our identity records.

At this point identity shall mean national identity card, health bank account card or even passport like documents. Just revisit how technology has permeated all our life events. To begin with birth and death are recorded electronically.

An identity provided by registering this event forms the fundamental characteristics that is being verified and authenticated all through future. Consider the case of National Identity cards.It is almost impossible to claim your identity without it. You need this identity to avail educational opportunities, drive and own automobiles, operate bank accounts, visit other countries, run your own business or access medical or social benefits. These identity cards are now electronic in the sense that the data about every single individual is recorded electronically and held in a database.

In order to avoid false impersonation, even sensitive data like fingerprints, iris scans, signatures are held in electronic format.Every one shows concern about how the security of these data archives. We are now in a situation where we are vulnerable to our electronic existence. Impersonators and cyber criminals are in the look out for our identities. They indulge in covert activities involving electronic data and transmission.

Through Digital Oman let us trace through cyber crime which is considered to be the new weaponry for war and resulting dominance.

Digital Oman - Column

This column appears in the government news daily of Oman 'Oman Observer' every week. It discusses technology matters ranging from e-government, security, e-finance, e-legislation, cybercrimes among others.

The column has been run by me privately for several years. Throught this blog I shall upload my print articles on Information Technology from now on.

Soliciting your comments on content, structure and style. ----The Author.