Introduction
The modern day world is becoming a global village with expanding usage of the Internet. The Internet has now penetrated across the globe even to the developing countries where it is being embraced and used widely. The invention and adoption of the Internet has accelerated the growth of business through improved means of communication but, at the same time, malicious people have invaded internet making it insecure for its users.
This vast network has now become a target for illegal activities and enterprise, or simply cyber crime, which involves criminal acts that involve communication, computers and internet network. Many internet users see the Internet as the safest means of communication and doing business, thus, there is a need to protect these users from malicious people who conduct cyber crime.
This research paper will address the usage of internet and how internet theft has continued to thrive as the technology advances and how users of the internet can be made safer. The research will categorically put more emphasis on cyber theft and its consequences (Schaeffer, Chan, Chan, & Ogulnick, 2009).
Background
The internet does not have the same level of regulation as mobile phones, as there is no overarching body to provide consumers with a first place of contact to raise concerns about disreputable or criminal behaviour. It is not the responsibility of an ISP to regulate behaviour online, and they cannot enforce a code of conduct on those offering commercial services online. The Internet Service Providers (ISP) also has not regulatory body.
As a result, individuals who experience cyber crime can only refer it to the police or possibly simply attempt to minimise any financial loss by contacting banks and online services, depending on the exact nature of the crime. There is no single first point of advice and help for the consumer, which makes precaution and prevention the best way to avoid becoming a victim of cyber crime (Second Annual Cost of Cyber Crime Study, 2011).
Cyber crime can be divided into three categories, namely cyber vandalism, cyber terrorism and cyber theft. While this paper focuses on cyber theft, it is important to briefly explain these other crimes.
Cyber vandalism includes all kinds of technological destruction, which involve malicious attack at disturbing, defacing and destroying technology that they find offensive. Cyber terrorism, on the other hand, involves acts that are aimed at undermining the social, economic and political system of an enemy by destroying its electronic infrastructure and disrupting its economy.
Cyber theft can be simply put as cyber crime for profit. It ranges from illegal copying of copy righted material to using technology to commit traditional theft-based offenses such as larceny and fraud.
Cyber theft includes various acts such as: computer fraud, which involves theft of information like copying software for profit; salami slice fraud, whereby the perpetrator cautiously skins small sums from the balance of the large number of accounts in order to bypass internal controls and escape detection; software theft, which deprives many authors of significant revenues; and manipulation of accounts in banking (Jaishankar, 2011).
Literature review
This paper seeks to study the emerging trends in technology, which highlight the increase in the number of cyber theft incidences reported over a period of time. According to Siegel (2011), the Federal Trade Commission has put the number of internet users who have fallen prey to identity theft as 9 million.
This clearly indicates how vulnerable internet users are in the entire world. Many internet users use the internet blindly without knowing how dangerous it can be especially where the laid down procedures are not set straight (Carr 2011).
Most research studies conducted on cyber theft among the online users have failed to cushion internet users on the looming danger they face when using the internet (Cornelius & Hermann 2011). A good example is where some internet users receive mails purporting to have won lotteries and in turn asking for personal information and the bank details. The authors of these emails turn out to be cyber criminals who steal from vulnerable internet users (Jaishankar, 2011).
Consequences of cyber theft
According to Schaeffer and Chan (2009), the internet has led to revival of the porn industry through the distribution of illegal sexual material since it provides an ideal platform for selling and distributing obscene material. Adult entertainment has permitted the peddling of child pornography across borders, via credit card verification service, which acts as an electronic gateway to the pictures and movies of minors engaged in sexually explicit conduct.
Secondly, cyber theft has attempted to extort money from legitimate internet users through the denial of services and threatening to prevent them from having access to the service. Such operations involve flooding the site with many spurious messages that interfere with the user, until they become frustrated and abandon the site, or agree to pay the fee. These crimes have been known to destroy online businesses.
Thirdly, cyber theft in the form of illegal copyright infringement has been on the rise, with groups of individuals working together illegally to obtain software, and then use it to âcrackâ or âripâ its copyright protection, before posting it on the internet for other members to use. Frequently the pirated copies reach the internet days and weeks before the legitimate product is commercially available.
File Sharing is another form of illegal infringement; it allows internet users to download music and other material without paying the artists and the companies their rightful royalties (Schaeffer, Chan, Chan, & Ogulnick, 2009).
The fourth result of cyber theft is internet securities fraud. This includes market manipulation, when individuals try to control the price of stock by interfering with the natural forces of supply and demand-either by âpump and dumpâ or âcyber smearâ.
In pump and dump, erroneous and deceptive information is posted online to make unsuspecting investors to become interested in stocks, and sell previously purchased stock at inflated price. Cyber smear is reverse of the pump and dump, when negative information is spread online, driving down the price and enabling the people buy at artificially low price, before the company officers inflate the price.
Fifth is identity theft. Schaeffer and Chan (2009), explain identity theft as the process whereby an individual uses the internet to steal someoneâs identity to open a new credit card account or conduct some other financial transaction. This also includes phishing, which involves illegal access to victimsâ personal information.
The victim is informed about the problems in his account and suggested to fix it. Once all the personal information, including social security number is provided, the perpetrators proceed to access the victimâs bank account and credit card, and buy things with those accounts. The perpetrator can also open a new account without the victimâs knowledge or choose to implant viruses into their software that forwards their e-mails to other recipients (Schaeffer, Chan, Chan, & Ogulnick, 2009).
E-tailing fraud is another form of cyber theft, which involves the illegal buying or selling merchandise. E-tailing scams involve failure to deliver promised purchase or services or substituting the cheaper or used material for higher quality purchases.
This form of cyber theft involves top of the line electronic equipment over the internet, then purchasing similar-looking cheaper quality. The cheaper item is then returned to the E-Tailer after switching the bar code and the boxes with the more expensive unit. The buyer gets the refund for the higher quality product.
The seventh form of cyber theft is the use of email chain letters, whereby the victims are sent official looking e-mail letters requesting cooperation by sending a report to five friends or relatives. Those who respond are then asked to pay to keep the chain going. The last form of cyber theft is one that allows individuals to fish information of all kinds.
This is usually offered in the form of a CD program that you can use to find out personal information on someone. Such information is them sold, in the case of public records. Alternatively, the seller can sell false software in order to access a willing buyerâs credit account number.
Cyber theft attacks
For individual computer users, cyber crime is most likely to occur through casual infections and unfortunate happenstance. Reports indicate that the best defence against this kind of crime is more knowledgeable computer users and routine IT hygiene. “There is a balance to be struck in terms of encouraging technology usage without engendering over-reliance upon it.
While users should be expected to have protection, they should not be lulled into a false belief that it will solve all their problems Cornelius & Hermann also suggest that technology needs to be understood in the wider context of safe online behaviour” (Cornelius & Hermann, 2011).
This is because people have the tendency of approaching technology as just another consumer appliance like a video machine, which comes with âa series of services. There is little interest among consumers in how computers work or in understanding the principles of how those computers connect with the internet.
Method
The purpose of this research was to make a contribution towards understanding and responding to cyber theft, as well as providing an insight into the characteristics and motivation of the perpetrators of cyber theft or fraud. The study involved the assessment of various literatures on cyber theft, in order to obtain possible explanations for the putative differences between offenders perpetrating e-fraud and classical fraud.
Among the literature is the evaluation of criminological theories that sought to explain the emergence of new group offenders, in cyber theft, and the factors that facilitate their growth, such as the perceived anonymity and the disappearance of barriers of time and space (Second Annual Cost of Cyber Crime Study, 2011).
Research methods
There is some knowledge about certain types of cyber crimes and how the offenders responsible for these various acts operate. Previous research methods involved observations on the Internet and interviews with key persons such as police officers. This research complements these previous reports and seeks a comprehensive strategy, while offering a more in-depth analysis.
This study involved literature review, which was used to create some insight into the characteristics of the offenders that are known at this moment. Through (online) libraries such as ScienceDirect and Leicester E-Link books, articles and reports on the subject have been retrieved and relevant publications have been studied. Publications have been selected with the keywords: âfraudâ, âcyber theft, âconâ, âdeceptionâ, âdeceitâ and other terms with similar meanings (Cornelius & Hermann, 2011).
Results
With the increase in bandwidth the file transfer rate has been increased considerably. Hackers can now transfer more data in a single second due to the increased speeds, which also allow the users to download third party applications with which they can have access to others computers or mobile phones.
Operating Systems with patches are also available on the internet. So in developing countries, the people can download pirated versions of operating system and third party software easily with the help of large bandwidth internet (Siegel, 2011).
Cyber theft has also affected social engineering. This has been possible due to the increasing accessibility of the internet, as well as faster speeds, which allow more and more people to join into the cyber world, making their individual information more prone to be attacked. A good example of this is the article by Whitehurst, whereby a man who was seeking friendship and love online was later robbed by the lady.
This happened on Valentines Day, and the lady surprised the man when she suggested changing her clothes but instead came back with two men, armed with a taser and knife, to rob the man.
Social networking sites like facebook, myspace, twitter and orkut among others make it easy for people to access personal information on various people by hacking the account of that individual. A fake social networking site login page is sent to the user with an attractive link so that by login into that page can send the user name and password of that user to the hacker (Whitehurst, 2009).
With more people online, the possibility of viruses, spam and Trojan horses affecting more people is increased. Hackers can easily get into the remote computers and infect a whole network within seconds with the faster access of internet. Besides this, the increasing number of people with access to the internet may potentially affect the growth of Film and Music Industry.
Access to reliable Internet services allows people to download movies that have been pirated. This is increasing the piracy of movies and songs, as the revenue is flowing to the illegal sites rather than the producer of movie or the songs (Siegel, 2011).
Now-a-days nations have electronically connected all their economic, defence and national security establishments which will be the target for cyber attacks during a conflict or to create instabilities.
With the increase internet speeds and user access, these sites are more prone to attack as hackers can have more bandwidth and can destruct in more networks in less time. A good example of such damage is the accessibility of information that allowed wiki-leaks to spring up, releasing sensitive information to the public that was potentially damaging (Siegel, 2011).
Discussion
This research identified many areas where there are currently deficiencies in law enforcement response to cyber crime. Research has shown that there is high volume of malicious computer activities with minimal counter measures to defeat cyber theft globally. Here we are looking at some counter measures to defeat cyber theft such as cyber crisis planning, regular surveillance, introduction of access controls and security training.
Cyber crisis planning
Effective crisis planning and crisis management processes must be developed to enable businesses to continue operating following failure of, or damage to, vital services or facilities.
This process involves: identification and prioritization of critical business processes including the technology that supports them (servers, databases, applications) and technology owners; identification and agreement with respect to all responsibilities and emergency arrangements for business continuity planning and recovery with all affected parties throughout the organization; documentation of workarounds (electronic and manual) and/or rectification procedures and a linkage to any relevant reference material or documents; appropriate education of staff in the execution of the agreed emergency procedures and processes; checklists and procedure guidelines to assist all parties to recover from a crisis or disaster; and testing and updating of the plans on a regular basis (Jaishankar, 2011).
Regular surveillance
Many companies overlook the fact that security monitoring or surveillance is necessary in order to protect their information assets. Security Information Management Systems (SIM), if configured properly, can be useful in collecting and correlating security data (system logs, firewall logs, anti-virus logs, user profiles, physical access logs, etc.) to help identify internal threats and external threats.
A successful surveillance program includes practices such as: security in depth, whereby several layers of security are introduced, and surveillance on each layer of security will help identify the severity of a security event, alerts coming from the internal corporate network might be more urgent than on the external network; critical business data encryption with strict role-based access controls and logging of all changes for an accurate audit trail; implementation of a policy of âleast privileges accessâ with respect to sensitive information and regular review of logs for suspicious activity; review of Identity Management Process to determine who has access to what information on the corporate network and ensure that the access of ex-employees, contractors and vendors is eliminated when they are no longer needed or leave the organization; and placement of Network Intrusion Detection/Prevention Systems throughout the corporate network to help detect suspicious or malicious activity (Jaishankar, 2011).
Access controls
Curiosity is a natural human trait. The viewing of private records of political figures and celebrities has led to people losing their jobs or being criminally convicted. Most of these workplace incidents were not tied to identity theft or other bad intentions, but were simply instances of employees taking advantage of access control policy gaps, sometimes without realizing that they were breaking privacy laws and exposing their organizations to risk.
So companies need to focus on ensuring that employeesâ access to information is required for their particular job. Sometimes employeesâ access is supplemented as they are promoted, transferred, or temporarily assigned to another department within the organization. Users that drag such excess access into their new role may create holes in corporate security or create other business risks.
These are common problems in large organizations, a natural consequence of the pressure on IT departments to provide access quickly when employees are transferred or promoted. Organizations should consider putting automated controls in place for cyber-access to ensure that user privileges are appropriate to their particular job function or process role. Access to personally identifiable information must be governed by the need; there must be a valid business reason for access (Jaishankar, 2011).
Security Training and Awareness
The human factor is the weakest link in any information security program. Communicating the importance of information security and promoting safe computing are vital in securing a company against cyber crime.
Some ways of preventing cyber theft include: using passphrases that combine symbols, numerical and letters, and keeping them hidden; educate employees and executives on the latest cyber security threats and what they can do to help protect critical information assets; avoiding links or attachments in e-mail from untrusted sources; avoiding sending sensitive business files to personal email addresses; reporting suspicious/malicious activity to security personnel immediately; securing all mobile devices when travelling, and reporting lost or stolen items to the technical support for remote kill/deactivation; and educating the community about phishing attacks and how to report fraudulent activity (Jaishankar, 2011).
Conclusion
The risks of cyber crime are very real and too ominous to be ignored. Every franchisor and licensor, indeed every business owner, has to face up to their vulnerability and do something about it. At the very least, every company must conduct a professional analysis of their cyber security and cyber risk; engage in a plan to minimize the liability; insure against losses to the greatest extent possible; and implement and promote a well-thought-out cyber policy, including crisis management in the event of a worst case scenario.
A healthier online community should be promoted by willing to establish a trusted system which is similar “to what we have for doctors, paramedics and epidemiologists in human health. In addition to this, computer users need to know who and where to get help with a malware issue.
Prevention or wellness is another topic that should be adopted from human health. To do so, we must begin with an understanding of what it takes to keep a system healthy and develop the social and technical norms to encourage the healthy state of all devices. Finally, as with epidemic preparedness, industry and government must be prepared for a potential malware outbreak in a way that leverages the trusted system” (Carr, 2011).
References
Carr, J. (2011). Inside Cyber Warfare: Mapping the Cyber Underworld. New York: O’Reilly Media.
Cornelius, K., & Hermann, D. (2011). Virtual Worlds and Criminality. New York: Springer.
Jaishankar, K. (2011). Cyber Criminology: Exploring Internet Crimes and Criminal. New York: CRC Press.
Schaeffer, B. S., Chan, H., Chan, H., & Ogulnick, S. (2009). Cyber Crime and Cyber Security. Wolters Kluwer Law & Business , 4-11.
Second Annual Cost of Cyber Crime Study. (2011). Traverse City, Michigan: Ponemon Institute.
Siegel, J. L. (2011). Criminology. New York: Cengage Learning.
Whitehurst, L. (2009). Internet love connection turns into robbery. Web.