The issue of cybercrime is not a new thing anymore to our society; yet there is a major misunderstanding amongst academics, computer security specialists and users as to the level of cybercrime. In this paper, I explore a little bit about the meaning of cybercrime, cyber forensics, cyber terrorism, types of cybercrimes and what can be done about it. I then provide an insight of the state of cybercrime in the Middle East, the past, present and future. I continue by comparing it with other nation's types of cybercrime and how to deal with it. Finally I provide the prevalent cybercrime laws and legislations.
Cybercrime is a global issue; therefore, no country is invulnerable. It knows no limits. Computers have been getting better a great deal from the time they were invented to the present. They have even enhanced so many fields of life a great deal from year to year. This may be helpful, but then again it has a negative effect on the world at large. The use and progress of technology has increased different types of cybercrimes globally like the following; terrorism, black marketing, and theft crimes. It is also to blame for the triumph of their individual criminal assets. The term cybercrime can be said to be any criminal offence done against or with the use of a computer or computer network. In summary:
Computer crime is any crime where -
- Computer is a target
- Computer is a tool of crime
- Computer is incidental to crime.
Cybercrime is not restricted to laptop and desktop computers alone. It includes devices such as cell phones, MP3 players, PDA's, Game consoles, etc. But today, the common of cybercriminals aim PC users. Computer forensics is an autopsy of a computer or network to uncover digital evidence of a crime and the evidence must be preserved and hold up in the court of law.
Cyber terrorism as a form of cybercrime is much more complex when it comes to definition and so it's harder to give just one meaning. The phrase "cyber terrorism" is often loosely defined because there is a great amount of prejudice in what exactly make up the name. Consequently, you may find a whole lot of different types of definition associated to cyber terrorism. The most commonly cited paper on the issue of cyber terrorism is Denning's Testimony before the Special Oversight Panel on Terrorism (Denning, 2000). In her statement she said:
"Cyber terrorism is the meeting of terrorism and cyberspace. It is generally understood to mean criminal attacks and threats of attack against computers, networks, and the information stored therein when done to threaten or intimidate a government or its people in continuance of political or social intentions. Further, to be eligible as cyber terrorism, an attack should effect in a violent behaviour against persons or property, or at least cause an adequate amount of harm to create fear. Attacks that lead to death or bodily injury, explosions, plane crashes, water contamination, or severe economic loss would be examples. Serious attacks against critical infrastructures could be acts of cyber terrorism, depending on their impact. Attacks that disrupt nonessential services or that are mainly a costly nuisance would not."
As we all know cybercrime is a vague field and so many range of manner of crimes fits within this large definition. Below is a highlight of a few of such that have been mainly notorious and that have worried seriously the basics of criminal law. It ranges from the use of the Internet to threaten or trail people; online fraud, hacking, online distribution of child pornography etc.
- Hacking - in simple terms it means illegal intrusion into a computer system without the permission of the computer owner/user.
- Denial of service attack - This is an act by the criminal, who overflow the bandwidth of the victim's network or fill's his e-mail box with spam mail not allowing him of the services he is allowed to access or provide.
- Virus Dissemination - Malicious software that attaches itself to other software. (virus, worms, Trojan horse, Time bomb, Logic bomb etc. are the malicious software's)
- Software Piracy - Theft of software through the illegal copying of real programs or the imitation and distribution of products intended to pass for the original.
- Pornography - Misleading marketing strategy and mouse trapping technologies pornography to encourage customers and young children to access their websites.
- Credit card fraud - You simply have to type a credit card number into www page off the seller for online transaction. If electronic transactions are not safe the credit card numbers can be stolen by the hackers who can abuse this card by pretending to be the credit card owner.
- Net extortion - Copying the company's confidential data in order to obtain by threat a company for huge amount of money.
- Phishing - It is method of getting confidential information from the bank/financial institutional account holders by deceiving means.
- Spoofing - Getting one computer on a network to act as if to have the identity of another computer, generally one with special access rights, so as to obtain access to the other computers on the network.
- IRC crime - Internet Relay Chat (IRC) servers have chat rooms in which people from different places in the world can come together and chat with each other.
- Criminals use it for meeting co-conspirators.
- Hackers use it for discussing their exploits / sharing the techniques.
- Cyber Stalking - In order to harass a woman her telephone number is given to others as if she wants to make friends with males.
There is no particular way out about cybercrimes, be it technological or otherwise. It exists for a whole host of reasons and requires an all-round approach to fight it. Government, industries and educators must primarily deal with human behaviour that allows cybercrime to succeed and chip away at security effort. A major number of security breaks are caused by human actions, being it intentional or otherwise. For example, use of weak passwords, exposing passwords, use of unauthorised software's, opening of unknown email, unauthorised use of networks.
On the other hand, technology plays a vital part in securing computers and networks, but if it's properly set up and maintained. There are a lot of security tools to choose from which if used as it should be they will protect your computers and important documents from most attacks. It ranges from basics, like asking users to change their passwords often, limiting access to networks and particular computers on the network to step up's, like virus scanners that scan an incoming files to firewalls and to more sophisticated kits like intrusion detection systems that regularly monitors network traffic.
Middle East is a place which is different from other countries of the world when it comes to issues involving cybercrimes. The information security of the region is affected be a lot of issues such as the ongoing growth of the clients using the internet, lack of set of laws, poor knowledge of security threats and lack of training of computer crime law enforcements. Due to an increasing users and subscription fees of the usage, the users in the region have outnumbered the rest of the world.
According to the Internet world stats, internet use in the Middle East had reached 2.5% of the total worldwide use as of December 2007. It use from 2000 - 2007 has increased by 920.2% compared to 25.6% of the rest of the world. Thus, they have made internet a popular means communication providing an opportunity for online businesses and many more. Apart from that, their investment in IT infrastructure is huge, more specifically in the Gulf but they didn't know there is much more to the security than to the system because there have been a whole lot of successful attacks.
The key problem troubling the region is the thing they believe in "business first, security later" which has caused them paying the price through their nose. Banks are vulnerable to phishing attacks, businesses to spammers, e-government sites to hackers and so much more. Many international sources now believe that Middle East is becoming a main target of computer crimes.
According to the Gulf Co-operation Council (GCC), "Saudi Arabia is the principal country as the source and target of online crimes and ranked number 38 in the world. So also, "Egypt is ranked one of the most phished countries in the world with about 1763 phishing incidents, followed by Saudi Arabia, UAE and Qatar. This is owing to the high rate of development of some parts of the region relating their growth of international banking and money laundering and their developed financial infrastructure, thus attracting cyber criminals from the region and other regions of the world.
Cybercriminals are also concerned with the regions social networks. These criminals are looking for sites that have many users with poor security knowledge and ruin them. Middle East has a reasonable number of websites which can be used by the criminals to get to the users with malware or forward them to phishing sites, stealing passwords, accounts and rendering user machines vulnerable to threats. The use of international social networks like facebook, hi5, blogger, twitter, MySpace, etc. for communications, friendships, blogging and other stuffs against users and employees is also common in this region.
Cybercrime in the Middle East has its international contacts especially with cyber terrorism. Even though of the progress set in place about the security of networks and computers, most of the Middle East countries still depend on standard laws to fight crimes. In order to do away with these problems, regulations and security awareness training and education programs should be set in place to help minimize the risks. Governments and private sectors should forget about the so called "business first, security later" and try to invest more on their security, compliance and awareness.
As they say, "bytes are replacing bullets in the crime world". The increase of cyber crime in Middle East, just like other parts of the world, is on the rise and to reduce its span and difficulty is the important need today. Cyber space gives so many opportunities for cyber criminals either to cause harm to innocent people, or to make a fast buck at the cost of innocent citizens. Therefore, there is a need for the governments, private sectors and all internet users of the Middle East region and other part of the world to try all their possible best to create a free crime environment for the computers and networks of their respective regions.
- Hussain, Fehmida, "Computer Threats and Security". <Computer Threats and Security.ppt>
- El Gundy, Muhammad N, "Cybercrime in the Middle east", ISSA Journal. (June 2008)
- Internet World Stats, "Middle East Internet Usage and Population Statistics", (September 2009). <http://www.internetworldstats.com/stats5.htm>
- Gulf Cooperation Council, < http://www.gcc-sg.org/eng/index.php>
- An De, Jonghe, "Social Networks Around the World", Book Surge Publishing, (February 15, 2008).
- Bitz, Michael, "Global perspective", Network and security applications, (March 14-16, 2006). <Network security and applications.ppt>
- McConnell International, "Cybercrime...and punishment?", (December 2000).
- Cyber security newsletter, "Insight to security", Volume 2 Issue 3, (October 2009).
- Map of Social Networking: <http://valleywag.com/tech/data-junkie/the-world-mapof-social-networks-273201.php>