Types of Cybercrime

In this article we will look at different types of cybercrime. There are mainly four categories of cybercrime. Understanding the types of cybercrime is of much importance in the field of cybersecurity.

 

Cybercrimes can be classified as follows:

Cybercrime against individuals

• E-Mail spoofing
• Phishing and its forms
• Spamming
• Cyber defamation
• Cyber stalking
• Computer sabotage
• Password sniffing

 

Cybercrime against property

• Credit card frauds
• Intellectual property crimes
• Internet time theft

 

Cybercrime against organizations

• Unauthorized access
• Password sniffing
• DoS attacks
• Virus attacks
• E-mail bombing
• Salami attack
• Logic bomb
• Trojan horse
• Data diddling
• Crimes based on Usenet newsgroups
• Industrial espionage
• Computer network intrusions
• Software piracy

 

Cybercrime against society

• Forgery
• Cyber terrorism
• Web jacking

 

Watch these videos to to learn about types of cybercrime:

 

Let’s discuss about the above cybercrimes in detail.

 

E-Mail Spoofing

Sending an email to a person by impersonating another person’s email id is known as email spoofing. In this method, even though the sender’s email id is visible as [email protected], in reality, it belongs to [email protected]. For example, John has a argument with his boss Henry and he lost his face in front of his colleagues. To avenge his loss of reputation he sent emails with bad messages to other employees and board of directors of the company by impersonating Henry.

 

Phishing

Phishing is a social engineering attack where the attacker tries to obtain sensitive information from their target by disguising themselves as an important third party. The attacker uses several ways like sending spoofed emails, make the target visit websites with malware, make the target download malicious software through links, etc. Different types of phishing are:

 

Spear phishing: Gathering information from specific individuals of a company or an organization through phishing techniques is called spear phishing.

 

Whaling: Gathering information from senior executives or other high-profile persons in a company or an organization is called whaling.

 

Clone Phishing: Phishing in which an attacker compromises a legitimate email sent by a person, replaces the information or the link present in the email body with a malicious link and forward it to several recipients by impersonating a legitimate person is called clone phishing.

 

Spamming

Spam is sending unsolicited bulk messages to randomly to masses through electronic transmission medium. People who carry out spamming are known as spammers. Majority of the time, spamming is done through e-mails. Spamming can also be done through other ways like instant messaging spam, web search engine spam, spam in blogs, wiki spam, online classified spam, SMS spam, form spam, social networking spam, spamming thorough file sharing sites and video sharing websites, etc.

 

Spamming is generally used for advertising and it is difficult to control it because it requires little money for setup and perform spamming. It also takes less effort to maintain the email lists and it is difficult to make the senders accountable for spamming the web. In the context of search engines, spamming is called as search engine spamming. In this method spammers use deceptive techniques to make their web pages containing adverts or malicious links rank higher in the web search catalogue. Search engine spamming is punishable and websites following such deceptive techniques are bound to be permanently blocked from search engines.

 

Cyberdefamation

The act of defaming others with the help of computers or other devices through Internet is known as cyber defamation. Some examples of cyber defamation are publishing obscene material about others on websites, social networks and on other social media, sending emails containing information defaming others, etc.

 

Cyberstalking

Using Internet or other electronic means to stalk or harass a person, group of people or organization is known as cyberstalking. The activities in cyberstalking may include false accusations, defamation, slander (oral defamation), and libel (written defamation). Cyberstalking can also include monitoring, identity theft, threats, vandalism, gathering information for threatening, embarrass or harass.

 

Computer Sabotage

Introducing virus, worms, trojan horse, or logic bombs into a computer system through Internet and making it non-operable is known as computer sabotage. Computer sabotage can be performed for different reasons like gain economic advantage over a competitor, to promote illegal activities, or to steal data or programs for extortion purposes.

 

Password Sniffing

The act of using tools (like sniffers) to monitor the network traffic for collecting usernames and passwords who are using the network is known as password sniffing. The passwords gained through sniffing can later be used to impersonate an authorized user for logging in and stealing sensitive data. Existing laws are not stringent for punishing a person who is trying to impersonate and authorized user.

 

Credit Card Frauds

Conducting financial transactions using illegally obtained credit card is known as credit card fraud. The information security requirements for handling credit cards have been increased recently. Security measures are improving and the current law enforcement seems to be sufficient for prosecuting the people committing credit card frauds. Retail websites and other online services are frequent targets for attackers to compromise a huge list of credit cards of users. To combat credit card frauds the leading credit card organizations developed a regulation named Payment Card Industry Data Security Standard (PCI DSS).

 

Intellectual Property Crimes

Intellectual property refers to an idea, method, mechanism, or a product that belongs to or is invented by a person, a group, or by an organization. Intellectual Property (IP) crime refers to someone trying to access, use, modify or sell a counterfeit (pirated) version of the actual property. Counterfeiting and piracy are frequently used to terms for referring intellectual property crimes. Common ways for IP protection are:

• patents
• trademarks
• trade secrets
• copyrights

 

Internet Time Theft

When an unauthorized person uses the Internet hours paid for by another person is known as internet time theft. This happens when the attacker is somehow able to hack the username and password details of the legitimate user. The attacker uses the account to access Internet without the other person’s knowledge. The actual user can identify the internet time theft by observing the frequent recharge of data plan for which he/she is not even using. Internet time theft comes under crimes conducted through identity theft.

 

Unauthorized Access

The act of gaining access to a website, service, program, or any other asset using someone else’s account or details is known as unauthorized access. In general, attackers compromise the authentication details of a legitimate user and tries to gain access to sensitive information or secrets by posing as a legitimate user. Trying to access an area or level in a system to which access is not allowed is also considered as unauthorized access. Typical measures for preventing unauthorized access is to use strong authentication and authorization mechanisms.

 

Denial of Service (DoS) Attacks

DoS attack is a cyber attack in which the attacker tries to make a machine or network or service unavailable for their legitimate users by temporarily disabling them. DoS attack affects the availability of the target machine or service. DoS attack can be performed in various ways. Most general way is by flooding the targets with a huge amount of traffic. In DoS attack, the attack comes from a single source. So, it is easy to block a DoS attack by simply blacklisting the attacker’s IP address. Extended version of DoS attack is Distributed Denial of Service (DDoS) attack, where the attack comes from multiple sources. It is not easy to block a DDoS attack completely.

 

Virus, Worm, Trojan Horse and Logic Bomb

Malware is defined as malicious software. General types of malware are virus, worm, trojan horse, and logic bomb. A virus is a piece of malicious code that is in general attached to a host (software or file) and is activated through human action like double-clicking the file to open it. Once activated, a virus can try to access sensitive information, change file content, or even delete them. Unlike virus, worm does not need human intervention to activate. Once a worm infects a machine, it will automatically spread from one machine to another through network or as attachment to outgoing email. A trojan horse is a malicious piece of code that comes as part of or hidden in another legitimate software. When the user downloads and installs the legitimate software, trojan horse will also get installed and performs its intended task. Like virus, trojan horse also need human intervention for activation. A logic bomb is a piece of code (logic) which is triggered on a specific condition or event. For example, a disgruntled developer might write code such that on a specific date and time, all the tables in the database are deleted.

 

Email Bombing

Email bombing refers to the practice of sending a large volume of emails to a target’s inbox to bring down the target’s account or crash the target’s email server or service. An attacker can write a program to bomb the target at regular intervals of time. Even though this might not seem to be illegal it affects the availability of the mail service.

 

Salami Attack

This attack is for committing financial fraud. The salami attack involves a malicious developed or a hacker who has access to the code base of a target application. The code is modified such that on every transaction a negligible amount (for example Rs. 2) is shaved off from the consumer’s account. The individual consumer might not notice the amount debited as it is negligible. But if we consider a large number of consumers or buyers, the amount is huge and is a significant benefit to the developer or the hacker.

 

Data Diddling

A data diddling attack is based on how the user input or transactions are validated or processed. In a data diddling attack, the user modifies the transaction data on client side and forwards it to the server. If no proper validation is done on the server-side, the modified data by the attacker is processed and results in a loss for the target. For example, while purchasing items on a retail website like Amazon, if the data in a transaction like quantity of items, price of each item, etc., are not validated on server-side once submitted by the buyer, a malicious buyer can change this data for his/her own personal gain.

 

Crimes based on Usenet Newsgroups

Usenet is a set of discussion boards (forums) or news groups where users can share and distribute information with respect to specific topics. It is similar to Facebook groups. There are nearly 30,000 different topics. Usenet lacks strict moderation for controlling the contents shared in the new groups. The users in the group are responsible for what they are sharing in the group. There might be several ways in which Usenet can be used for criminal purpose. Some of them are as follows:

• Distribution/sale of obscene material
• Distribution/sale of pirate software
• Distribution of hacking software
• Sale of stolen credit card numbers
• Sale of stolen data/stolen property

 

Industrial Espionage

The availability of Internet and networking provides better opportunities for corporation or governments for conducting industrial espionage or industrial spying. Industrial espionage refers to the practice of spying on competitors internal working and networks to gather information about its intellectual property, trade secrets, and other sensitive data. This information is later sold out or used to gain monetary benefit or to achieve economic advantage over the target. With the widespread availability of trojan and spying software, even low-skilled individuals are resorting to industrial spying for generating huge profits.

 

Computer Network Intrusions

Gaining unauthorized access to data or information through a network is known as computer network intrusion. Computer networks are riddled with security holes which allows attackers to easily gain access to a system or service. Networks allow hackers or crackers to break into the systems from anywhere in the world. Current laws are limited to only some types of network intrusions. Crackers might install malicious programs like virus, trojan, etc. to obtain the login credentials of their target. The compromised details will later be used to carry out further intrusion into the systems or services.

 

Software Piracy

Cybercrime investigation cell of India defines “software piracy” as theft of software through illegal copying of genuine programs or the counterfeiting and distribution of products intended to pass for the original. Some of the examples for software piracy are:

• end user copying
• hard disk loading with illicit means (by hard disk vendors)
• counterfeiting (large-scale duplication and distribution)
• illegal downloads from the Internet

 

The consequences of buying or downloading pirated material are:

• getting untested software that is already copied thousands of times
  may potentially contain hard drive infecting virus
• no technical support in case of software failure
• no warranty protection
• no legal right to use the product

 

Forgery

Duplicate currency notes, certificates, postage, etc. can be forged using sophisticated computers, printers, and scanners. This is a blooming business now-a-days to cell fake certificates or mark sheets outside many colleges.

 

Cyberterrorism

Using Internet to commit violent acts that result in, threaten, loss of life in order to achieve political or ideological gains through threat or intimidation is known as cyberterrorism. The activities under cyberterrorism might include large-scale disruption of computer networks, sabotaging computers using virus, worms, trojan horse or any other type of malware. Cyberterrorists are experienced hackers who might cause massive damage to government networks, hospital records, and other places or services of national importance, which might leave the country in state of panic.

 

Web Jacking

Web jacking refers to taking control over a website through some malicious means. In general the method used to gain administrator credentials is password sniffing. The actual owner or administrator will no longer have control over the website.