What is Cybercrime?
Types of Attacks that Cyber Criminals use to commit crimes:
Defines as "any crime that is committed using a computer network or hardware
device".
Type 1 cybercrime
Usually a single event from the perspective of the victim.
An example would be where the victim unknowingly
downloads a Trojan horse virus, which installs a keystroke
logger on his or her machine. The keystroke logger allows
the hacker to steal private data such as internet banking
and email passwords.
Phishing. This is where the victim receives a supposedly legitimate email
(quite often claiming to be a bank or credit card company) with a link that
leads to a hostile website. Once the link is clicked, the PC can then be
infected with a virus.
Hackers often carry out Type 1 cybercrime by taking advantage of flaws in a
web browser to place a Trojan horse virus onto the unprotected victims
computer
Any cybercrime that relates to theft or manipulation of data or services via
hacking or viruses, identity theft, and bank or e-commerce fraud.
Type 2 cybercrime
Type 2 cybercrime tends to be much more
serious and covers things such as
cyberstalking and harassment, child
predation, extortion, blackmail, stock
market manipulation, complex corporate
espionage, and planning or carrying out
terrorist activities.
It is generally an on-going series of events,
involving repeated interactions with the target. For example, the target
is contacted in a chat room by someone who, over time, attempts to
establish a relationship. Eventually, the criminal exploits the relationship
to commit a crime. Or, members of a terrorist cell or criminal
organization may use hidden messages to communicate in a public
forum to plan activities or discuss money laundering locations, for
example.
More often than not, it is facilitated by programs that do not fit under
the classification crimeware. For example, conversations may take place
using IM (instant messaging) clients or files may be transferred using
FTP.
1. Botnet - a network of software robots, or bots, that automatically
spread malware
2. Fast Flux - moving data quickly among the computers in a botnet to
make it difficult to trace the source of malware or phishing websites
3. Zombie Computer - a computer that has been hacked into and is used
to launch malicious attacks or to become part of a botnet
4. Social Engineering - a tactic used by cyber criminals that uses lies and
manipulation to trick people into revealing their personal information.
Social engineering attacks frequently involve very convincing fake
stories to lure victims into their trap. Common social engineering
attacks include:
Sending victims an email that claims there's a problem with their
account and has a link to a fake website. Entering their account
information into the site sends it straight to the cyber criminal
(phishing)
Trying to convince victims to open email attachments that
contain malware by claiming it is something they might enjoy (like
a game) or need (like anti-malware software)
Pretending to be a network or account administrator and asking
for the victim's password to perform maintenance
Claiming that the victim has won a prize but must give their credit
card information in order to receive it
Asking for a victim's password for an Internet service and then
using the same password to access other accounts and services
since many people re-use the same password
Promising the victim they will receive millions of dollars, if they
will help out the sender by giving them money or their bank
account information
5. Denial-of-Service attacks - flooding a network or server with traffic in
order to make it unavailable to its users
6. Skimmers - Devices that steal credit card information when the card is
swiped through them. This can happen in stores or restaurants when
the card is out of the owner's view, and frequently the credit card
information is then sold online through a criminal community.
Types of Cyber Criminals
White hat Hackers
They are specialized in testing the security of their clients' information systems.
For a fee, they will attempt to hack into a company's network and then present
the company with a report detailing the existing security holes and how those
holes can be fixed. The term "white hat" in Internet slang refers to an ethical
hacker. This classification also includes individuals who perform penetration
tests and vulnerability assessments within a contractual agreement.
Black hat Hackers
They used their computer expertise to break into systems and steal information
illegally. Black hat hackers form the stereotypical, illegal hacking groups often
portrayed in popular culture, and are "the epitome of all that the public fears in a
computer criminal". Black hat hackers break into secure networks to destroy,
modify, or steal data; or to make the network unusable for those who are
authorized to use the network. Black hat hackers are also referred to as the
"crackers" within the security industry and by modern programmers.
Grey hat Hackers
These hackers-turned-good-guys wants to come clean and turn away from crime,
one option is to work for the people they used to torment, by becoming a
security consultant. A grey hat hacker may surf the Internet and hack into a
computer system for the sole purpose of notifying the administrator that their
system has a security defect, for example. They may then offer to correct the
defect for a fee. Grey hat hackers sometimes find the defect of a system and
publish the facts to the world instead of a group of people.
Elite hacker
A social status among hackers, elite is used to describe the most skilled. Newly
discovered exploits circulate among these hackers.
Script kiddie
A script kiddie (also known as a skid or skiddie) is an unskilled hacker who breaks
into computer systems by using automated tools written by others (usually by
other black hat hackers), hence the term script (i.e. a prearranged plan or set of
activities) kiddie (i.e. kid, childan individual lacking knowledge and experience,
immature), usually with little understanding of the underlying concept.
Neophyte
A neophyte ("newbie", or "noob") is someone who is new to hacking or phreaking
and has almost no knowledge or experience of the workings of technology and
hacking.
Hacktivist
A hacktivist is a hacker who utilizes technology to publicize a social, ideological,
religious or political message.
Hacktivism can be divided into two main groups:
Cyberterrorism Activities involving website defacement or denial-of-
service attacks; and,
Freedom of information Making information that is not public, or is public
in non-machine-readable formats, accessible to the public.
Nation state
Intelligence agencies and cyberwarfare operatives of nation states.
Organized criminal gangs
Groups of hackers that carry out organized criminal activities for profit.
What is Computer Virus?
small software programs that are designed to spread from one computer to
another and to interfere with computer operation
a program or piece of code that is loaded onto your computer without your
knowledge and runs against your wishes
can also replicate themselves
all computer viruses are man-made
can make a copy of itself over and over again
is dangerous because it will quickly use all available memory and bring
the system to a halt
capable of transmitting itself across networks and bypassing security systems
might corrupt or delete data on your computer, use your email program to
spread itself to other computers, or even erase everything on your hard disk
often spread by attachments in email messages or instant messaging
messages
can be disguised as attachments of funny images, greeting cards, or audio
and video files

Types of Computer Viruses
Resident vs. non-resident viruses
A memory-resident virus (or simply "resident virus") installs itself as part of the
operating system when executed, after which it remains in RAM from the time
the computer is booted up to when it is shut down. Resident viruses
overwrite interrupt handling code or other functions, and when the operating
system attempts to access the target file or disk sector, the virus code intercepts
the request and redirects the control flow to the replication module, infecting the
target. In contrast, a non-memory-resident virus (or "non-resident virus"), when
executed, scans the disk for targets, infects them, and then exits (i.e. it does not
remain in memory after it is done executing).
Macro viruses
Many common applications, such as Microsoft Outlook and Microsoft Word,
allow macro programs to be embedded in documents or emails, so that the
programs may be run automatically when the document is opened. A macro
virus (or "document virus") is a virus that is written in a macro language, and
embedded into these documents so that when users open the file, the virus code
is executed, and can infect the user's computer. This is one of the reasons that it
is dangerous to open unexpected attachments in e-mails.
Boot sector viruses
Boot sector viruses specifically target the boot sector/Master Boot Record (MBR)
of the host's hard drive or removable storage media (flash drives, floppy disks,
etc.).
Self-modification
Most modern antivirus programs try to find virus-patterns inside ordinary
programs by scanning them for so-called virus signatures. Unfortunately, the
term is misleading, in that viruses do not possess unique signatures in the way
that human beings do. Such a virus signature is merely a sequence of bytes that
an antivirus program looks for because it is known to be part of the virus. A better
term would be "search strings". Different antivirus programs will employ different
search strings, and indeed different search methods, when identifying viruses. If a
virus scanner finds such a pattern in a file, it will perform other checks to make
sure that it has found the virus, and not merely a coincidental sequence in an
innocent file, before it notifies the user that the file is infected. The user can then
delete, or (in some cases) "clean" or "heal" the infected file. Some viruses employ
techniques that make detection by means of signatures difficult but probably not
impossible. These viruses modify their code on each infection. That is, each
infected file contains a different variant of the virus.
Encrypted viruses
One method of evading signature detection is to use simple encryption to
encipher the body of the virus, leaving only the encryption module and
a cryptographic key in cleartext. In this case, the virus consists of a small
decrypting module and an encrypted copy of the virus code. If the virus is
encrypted with a different key for each infected file, the only part of the virus
that remains constant is the decrypting module, which would (for example) be
appended to the end. In this case, a virus scanner cannot directly detect the virus
using signatures, but it can still detect the decrypting module, which still makes
indirect detection of the virus possible. Since these would be symmetric keys,
stored on the infected host, it is in fact entirely possible to decrypt the final virus,
but this is probably not required, since self-modifying code is such a rarity that it
may be reason for virus scanners to at least flag the file as suspicious.
Some viruses will employ a means of encryption inside an executable in which the
virus is encrypted under certain events, such as the virus scanner being disabled
for updates or the computer being rebooted. This is called Cryptovirology.
Polymorphic code
Just like regular encrypted viruses, a polymorphic virus infects files with an
encrypted copy of itself, which is decoded by a decryption module. In the case of
polymorphic viruses, however, this decryption module is also modified on each
infection. A well-written polymorphic virus therefore has no parts which remain
identical between infections, making it very difficult to detect directly using
signatures. Antivirus software can detect it by decrypting the viruses using
an emulator, or by statistical pattern analysis of the encrypted virus body. To
enable polymorphic code, the virus has to have a polymorphic engine (also called
mutating engine or mutation engine) somewhere in its encrypted body.
See polymorphic code for technical detail on how such engines operate.
Some viruses employ polymorphic code in a way that constrains the mutation
rate of the virus significantly. For example, a virus can be programmed to mutate
only slightly over time, or it can be programmed to refrain from mutating when it
infects a file on a computer that already contains copies of the virus.
There has also been virus called undetectable virus (proposed in Yongge Wang).
Undetectable virus is one kind of polymorphic virus that is static signature-free
and whose dynamic signatures are hard to determine unless some cryptographic
assumption fails.
Metamorphic code
To avoid being detected by emulation, some viruses rewrite themselves
completely each time they are to infect new executables. Viruses that utilize this
technique are said to be metamorphic. To enable metamorphism, a metamorphic
engine is needed. A metamorphic virus is usually very large and complex. For
example, W32/Simile consisted of over 14,000 lines of assembly language code,
90% of which is part of the metamorphic engine.