Virtual information and highly sensitive
The world of Crimes has not restricted itself to the merely physical world but now the e-world is under the same threat at an augmented level. Protecting virtual information that is highly sensitive and valuable in the practical world, from virtual threats is one of the main concerns of security departments these days. The threats and crimes involve; theft of data or information, information's destination that is being transferred, is disguised, and memory clean up after the important data has been accessed. Some of the technical terms that should be understood before proceeding are;
It is the potentiality of a system to be used and exploited by a Botnet or any malicious code. A system that is vulnerable is also known as “open port”. A vulnerable system might have one of the following or all of the following qualities;
- A week or non-operational firewall
- Data base of the viruses in the system's administrator is not updated
- An antivirus software is either not installed, dormant or not updated
- The systems use websites that might install malicious codes
- The systems are connected to any single system which is not protected
Any method that will be implemented to contravene the security policy of anything, any operation or a system is known as threat agent. The basic technique behind all this is the exploitation of an available vulnerability (that might be due to the reasons listed formerly).
It is largely defined as the piece of fact, detail or information that is highly valued and valuable to an organization. This information is usually stored and kept confidential, mostly if not always. This information may range from a simple name and address compilation of customer bases, their Credit card, accounts or financial details (data is highly sensitive if information related to a bank), to a mere marketing, financial and confidential plans about a product to be launched soon. The information of the competitors and military information of another country are also the potential bases of information that are under threat. Generalizing the characteristics of information asset, irrespective of their kind or type, we can extract some common qualities or distinguishing characters between simple information and an information asset.
They are usually
- Highly valuable for the organization and are highly valued too
- Skill, resources (time and monetary), or a combination of both is required to replace the information
- They are highly significant in measuring and determining the corporate identity of a company. Loss of an information asset marks threats to a company's corporate identity as well as its overall existence
- Usually such information is classified as the Proprietary rights or information about it, confidential information or a top secret. This information can be related to a mere company to highly confidential data in some country's investigation bureau or military intelligence
- The information security departments are liable to protect and safeguard highly sensitive information assets of sensitive institutions plus help them protect their assets against potential threats.
Ways to Identify and Analyze an E-crime:
In the category of offences the term “E-Crime” generally refers to offences where computer or internet is used as the primary support to conduct a crime. In commission of such offences, the criminal can be a single individual or a group of individuals (sometimes professional institutions are also involved). These individual(s) is(are) called Hacker(s).
So far the crimes that have been listed under the broader category of e-crimes are credit card deception, online public sale scam, Information or computer hacking, forwarding of disgusting/threatening/offensive or niggling emails and online money making scams where the ask the user to join the website for a minimal amount … make them pay via credit card and then the credit card is gone. With the expanding use of internet and computers, users now must stay highly vigilant against such scams and frauds.
Users can protect themselves by the leaning to know and analyze the potential and upcoming threat. Now while learning to analyze and identify e-crimes, it is commonplace that people usually don't recourse any attempt of e-crime in the civil court. Partially this is inevitable too because in 99.99% cases the offender is always unknown and can't be traced or tracked easily or with minimal expenses. However, still there are strict state and National legislation rules abs procedures for the prosecution of reprobates who commit such crimes, cause the damage they make is always immeasurable and sometimes irreparable as well. Now these law enforcement agencies have enough skills and resources to track and trap these offenders but again the matter takes times and many resources.
The risks that these offences induce, as a result of failure to sufficiently manage and process the information, are;
- Theft of data/equipment for commercial purposes
- Demolition of the information due to a virus
- Illegal and unlawful use of private information
- Unofficial liberate of private and sensitive information
- Unauthorized use of financial information
- Blockade of your own system where you can't do anything and can't make your system process anything
- Purchase scams where you fail to get the items purchased
- Junk, bulk and spam emails, which one doesn't want to receive
- Children accessing to PG 18 or above websites, being exposed to such material via chatting or emails
If you are a fatality of an e-offence it is now very important that you report to the local police instantly or any crime investigation department. Computer offence investigation department in any state, specialize in tracking and managing such offences now.
Identifying and Analyzing ane-Crime:
The identification of an e-crime is not so easy or commonplace by a regular or layman user however, the awareness can be raised among general user and specific users as well for how to identify for an e-crime.
- If you are visiting a website that installs malicious code on you system, as the malicious code is about to execute itself the A/V tool of your antivirus will be shut down automatically, stay vigilant and either turn on the A/V tool instantly or close the browser window that you were visiting.
- Pointless PPC's or money making scams online (unless it is a Forex trading company or a website) are all scams
- Emails that are sent to you by addressing you from the first word in your email address, land in your Junk mail ad usually don't have an opt-in or opt-out option are all scams
- Whenever your antivirus never updates itself automatically, there is a threat
- When your gut-feeling says that there is a threat and your antivirus says “You are all safe”, there is a threat
- Websites demanding for your credit card details instantly, and try to trap you by saying that you invest $1 today and will get $300 tomorrow are scams
- When you are transferring your information and it seems that the speed of data transferring has been changed, instantly look for the reasons first
- If you don't use Triple M technique, the one used by The Bank of America, there is a threat that your data will be under red alert
- You can't get a valid and legal ATM card from the internet, so don't purchase
E crimes and their association with the businesses and its effects on modern SME:
E crime has become a notorious crime and is notorious for the reason that one can easily reach to one's personal details which can become the cause for cyber hacking, copy infringement and other illegal crimes. There are many crimes enlisted in this area and many companies that have been affected by these crimes. Some of them are stated below:
- On February 7, 2000, Yahoo! was attacked by MafiaBoy and that was dome through spamming. Different kinds of messages were sent to yahoo1 and those became difficult to handle. The company suffered losses for three hours due to this reason and the users were also facing difficulties in reaching the website for the same reason.
- Amazon, eBay and Dell computers are big names in their industries and nobody is ignorant of the fact that they are earning billions. Their data was hacked by MafiaBoy again in August 2000. Much of the data was related to the dealings that they make about buying and selling online, as their business greatly thrives on online buying and selling. Many consumers' personal details which they gave to the companies for this transaction was stolen by mafia boy and they were not guilty of their E crime.
- Stanford University and University of California were the ones which had computers that were known to be zombie computers. Such computers are handled by the hackers or are connected with the internet in such a way that they send viruses to other computer and internet connected services of the company. The computers found in these universities were stated to have sent DDoS attacks to many other social networks that disrupted the functioning instantly.
- In the year 2006, a new website was registered named as Russian Business Network. It was thought that the activities it is engaged in are legal but on the back, it was giving way to the computer hackers who were now working actively to steal the private information and gain advantage of that for their own personal and evil uses. The website found out that it was more profitable by using these illegal methods and was hiring the criminals for that purpose. It gave proper offers for the personal identity theft online and cyber crime flourished in that way easily without any restrictions.
There are many other examples in the business world that are affected by E crimes all over the world but that does not mean that the businesses are afraid of what has to come. They should be proactive and be prepared for any forthcoming danger. They should be sensible enough put bars ion the cyber crime so that useless hackers don't destroy their business, whether the business is small, medium or large. The businesses should not be afraid of the danger; rather knowing the danger would help them face it. If they have protected software and registered version of the windows then there are minimal chances that their system would be hacked or harmed by any kid of E crime.
Ethical implications of E crime:
There have been many agencies, businesses and universities that are working towards the serious issue of E crime. They are strong proponents of eliminating this internet using risk from their businesses and lives so that they can work freely in any area and any time. E crime has not been infiltrating the businesses on internal basis but also it is affecting the external dealings. As the businesses are going global, they need to have strict policies and tight regulations regarding E crime so that one certain business does not become notorious for faking the accounts or hacking the personal information of the other company, which will be highly dangerous for the business.
Some of the policies that are devised by the institutions include:
- Cyber Crimes Protection for Centre for Democracy and Technology
- Consumer protection- privacy and security
- Computer legislation
- Computer professionals for social responsibility
- Electronic privacy information centre
- Ethical and legal aspects of human subject's research in cyberspace, and many others
The major reason for this computer infiltration is that people allow easy access to their personal accounts along with their passwords. In many cases, the passwords are shared by a number of people. Firms have deduced policies that should detect the passwords that can be a person's first name, last name, father or family name. There are cases that tell the stories of lawyers using information of the cases they handle or other lawyers for their own use. These lawyers have faced sanctions and are punished severely by the legislative agencies.
Firms should have polices that assure the users that their accounts, passwords and other personal information would be preserved, such as client's file or government records that need special care and security. The system would be able to detect any unauthorized reach on these accounts and they would be able to reach these accounts on daily basis to check whether something disrupting has been done or not.
Understanding of formal processes for identifying and containing E crime:
There are websites that prompt the internet users to click on the phishing messages that keep blurring their screens and ask them to hit them so that they can access to what they are looking. But the reason is that these websites ask for the users' private information and that is then used by the hackers for wrong purposes. This should be disallowed by the websites and the user should be trained and well educated so that he or she does not click on these useless spam messages that are the source of infiltrating one's system for a virus attack. Increased efficiency, accessibility and reliability are the main reasons internet is used by many people all over the world.
If internet is not ‘reliable' then there is no need left for the user to use for being effective or accessible, as that is the biggest issue counted as cyber crime these days. The important transaction information to be collected typically includes content or substance of the transaction, the processing and the identities of the parties. All of this information is used by the internet hackers for their stealth and fraud purposes and they are one masters of the crime who could not be caught.
There should be binding contract between the company and the user that the information which the user would provide should not be let out by any means as this reliance and trust is the grounding pillars of the business on which it would transact the dealings in future. This word of mouth from one user would help the business thrive by leaps and bounds as it would be renowned as trust worthy business while talking of intent usage against E crime.
Many general steps can be taken to take care of the internet crime. They are stated as follows:
- An analysis should be conducted to check on the nature of transaction to be made between the user and the company.
- A cost/benefit analysis should be conducted which would determine that what costs the user will have to pay to get the desired benefits.
- A comprehensive plan should be made to allow the usage of internet safely.
- A “terms and conditions” statement should be presented to the user so that he or she becomes aware of all the facts that he or she can come face to face with.
- If the business that the user has to deal with, has some outside agency to deal with all that private information, then the business must tell the user about that. Also the business must make the full sure of the fact that the agency they have hired is trust worthy and can manage all the dealings fairly.
- In the end, all of the information of the contract should be retained on the paper in written form and should be signed by the business owner and the user both.