18 October 2006

Cyber criminal versus cyber citizen

ANYONE can enter the cyber world without having to indulge in personal identification. The ability to navigate the entire web without having to reveal one's true identity encourages covert activities where a netizen (a cyber citizen) turns a criminal.

Illicit conversations in chat rooms, flaming wars through e-mails and exchange of indecent material and photographs through websites, all happen due to the advantage of this anonymity. Such anonymity protects an individual's privacy in a way but might be a threat to security. Cyber criminals clearly disturb this fine balance between privacy and security.

Every violation of computer and data security involves a cyber crime. But every cyber crime need not be involving a security breach. A computer can be used as a tool to commit a crime. For example a computer can create an illegal copy of copyrighted material say a software programe or music. Technology is a tool to this crime and hence qualified as electronic crime.
Many criminals use the Internet's e-mail and chat forums to abuse others in the electronic world. It is also possible to stalk people online and in the worse their identity could be stolen and misused. Criminals use cyber technology to indulge in illegal drug traffic, money laundering and illegal gambling. The above activities are performed using technology but do not require violating security mechanisms.

So while securing computers is an important measure in combating cyber crime, it alone is not sufficed. Strict laws concerning electronic transactions and misuse of electronic communication channels needs to be put in place. Some advanced countries have enacted e-legislation in this direction and are able to levy penalties and enforce criminal charges against cyber criminals.
The arrest of a man last week, being accused of using stolen credit cards to buy furniture is a small but the right step in the right direction to fight identity theft and computer crime.

According to Identity Theft Survey Report by the Federal Trade Commission of the US in 2003, 9.9 million people became victims of identity theft in that year alone while the average loss to businesses per victim was $4,800, and the loss to businesses amounted to $47.6 billion.
These numbers are only indicative of the financial gain that hackers or cyber thieves get. No more are they just thrilled about breaking security mechanism to take pride their intellectual capabilities. They are more serious, making cyber crime a lucrative business — a risk worth taking considering the returns.

No longer can we relax at the benefit of connecting online and accessing the archive of information. It is mandatory to put the required anti-virus software in place and keep updating the signatures regularly. Installing software patches, is no longer optional but a critical crime shield. No longer can an IT manager connect his office computers and claim the relief of having a LAN (Local Area Network). He needs to secure the data held within his network from intrusion with appropriate tools and technology.

Policies for acceptable and restricted usage must be established and strictly followed in practice. It is interesting to note that new words are being added to the dictionary like 'cyberterrorism' and 'hacktivism' due to the strong impact they have made. Cyber attacks seem to indicate a new form of civil disobedience activism that completely disregards social ethics. Hackers have formed worldwide communities in order to launch attacks of greater magnitude with better undercover.

In 1990 when the US telecommunication giant AT&T's services were disrupted for several hours, the officials responsible reasoned it due a software malfunction. However many are of the opinion that it could have been a notorious cyber attack launched on US infrastructure.
Subsequently the emphasis on protection of national critical infrastructure became so high that in 2002 a separate bill was passed by the US senate to protect computer networks from cyberterrorism. A technology novelist creatively coined the term, 'electronic Pearl Harbor', in 1991 to refer to such cyber attacks.

Quoting John Gilligan, the US-Air Force CIO, 'about 80 per cent of successful penetrations of federal computer systems can be attributed to software full of bugs, trapdoors, and "Easter eggs" — programming errors and quirks inserted into the code that could leave software vulnerable to hackers. It is time to develop secure programming as part of taking enterprise wide security measures to secure systems from cyber criminals.