Category: Cyber Crimes

Essay Speech on Cyber Security

Introduction:

Ladies and gentlemen,

Today, I stand before you to shed light on a matter of utmost significance in our modern society: cyber security. In an age where technology reigns supreme and our lives are increasingly interconnected through digital platforms, it is crucial that we understand the importance of protecting our digital assets, personal information, and overall cyber well-being. This informative essay aims to provide an overview of cyber security, its significance, and the steps we can take to safeguard ourselves in the digital landscape.

Body:

Understanding Cyber Security:

Cyber security refers to the practices, measures, and technologies designed to protect computers, networks, and data from unauthorized access, attacks, and damage. It encompasses various aspects, including data protection, network security, information confidentiality, and user privacy.

The Significance of Cyber Security:

1. Protection against Cyber Threats: The digital world is rife with cyber threats such as hacking, malware, phishing, and identity theft. Cyber security measures serve as a defense mechanism against these malicious activities, preventing unauthorized access and potential harm to individuals, organizations, and even governments.
2. Preserving Confidentiality: In an era where sensitive information is stored and transmitted electronically, maintaining confidentiality is paramount. Cyber security ensures that personal data, financial records, and intellectual property remain secure, preventing unauthorized disclosure and potential damage.
3. Safeguarding Critical Infrastructure: Our reliance on technology extends to critical infrastructure systems, such as power grids, transportation networks, and healthcare facilities. A breach in these systems can have severe consequences. Cyber security safeguards these infrastructures, protecting public safety and maintaining the smooth functioning of essential services.

Key Components of Cyber Security:

1. Network Security: Implementing firewalls, intrusion detection systems, and secure network configurations to prevent unauthorized access and monitor network traffic for potential threats.
2. Data Encryption: Encrypting sensitive information to render it unreadable by unauthorized individuals, ensuring data confidentiality.
3. User Authentication: Employing strong passwords, multi-factor authentication, and biometric verification methods to verify the identity of users and prevent unauthorized access.
4. Security Awareness and Education: Promoting cyber security awareness among individuals, organizations, and communities through training programs and educational initiatives. Educating users about common cyber threats and safe online practices is vital in maintaining a secure digital environment.

Steps to Enhance Cyber Security:

1. Regular Software Updates: Keeping software and operating systems up to date with the latest security patches and fixes to address vulnerabilities.
2. Strong Passwords and Account Security: Using complex passwords, avoiding password reuse, and enabling two-factor authentication to strengthen account security.
3. Vigilance Against Phishing: Being cautious of suspicious emails, links, and attachments to avoid falling victim to phishing attempts.
4. Backup and Recovery: Regularly backing up data to external storage devices or cloud platforms to ensure data availability and recovery in case of a cyber attack or system failure.

Conclusion:

In a world driven by technology, cyber security has become an essential aspect of our daily lives. By understanding the significance of cyber security, implementing best practices, and promoting awareness, we can protect ourselves, our information, and our digital infrastructure from the ever-present cyber threats. Let us embrace a proactive approach, championing cyber security as a shared responsibility and working towards creating a safer and more secure digital world.

Essay on Why Is Privacy Important in Social Media

Identity theft and misuse a significant effects of social media on cybernetics. Most social media platforms do not concentrate much on their user privacy. Besides, most social media platforms require their user to enter some of their confidential information to sign in. A significant number of users are ignorant about how the info can be relevant to cyber criminals. Hence they willingly tend to enter. Since most platforms do not take into account the security of their user’s details, the info is left available to other users. The cybercriminal can easily access that information of their target.

The cybercriminal can use that information to carry out other criminal activities such as phishing, for self-gain. They can also sell or create new identities for other criminals. Therefore, it is easier for other perpetrators to commit unlawful activities and conceal them from law enforcement agencies. According to the researcher, there has been an even increase in the number of cases of identity theft and misuse every year. Social media networks are a significant cause of this increase.

The ability to track users is another effect of social media networks on cybercrime. The evolution of social media platforms has led to the emergence of features that allow their users to update their status frequently. Besides, most platforms ask the users to add information about their current and previous residence, and schools attended, among others. Users can also see and show their emotions on posts from other users regardless of their knowledge or friendship. If a user pins his current location and activity, likes and dislikes among others on his status, a cybercriminal can easily keep track of him. Also, through the users’ posts, such as photos, videos, and contexts, and the emotions the user shows on other users’ posts, computer criminals can effortlessly gather relevant information, analyze it, and predict their target next events. Using these predictions, the criminals can commit other more severe cyber-attacks. They can also sell that information to other criminals. Therefore, other perpetrators can pose a security threat to either the user or to other family members and friends.

Cyberterrorism is another serious effect of social media on cybercrime. Social media networks are meant to unite people around the globe. However, social media networks facilitate cyberterrorism. Terrorists, with the help of cybercriminals, exploit social media to accomplish several objectives, create unity disorder, generate financial income, acquire new identities, and data mining. Cybercriminals create new accounts on social media platforms, such as Facebook, using fake identities. They then send a friend request to as many users as possible within the area of the target. They can then use those accounts to mail graphics and contexts which can cause panic and distrust among people, hence distracting unity and facilitating terrorist attacks.

Moreover, cybercriminals steal the personal information of other social media users and use it to create new identities for the terrorists. They also use their data mining competency to pinch confidential information, such as credit card information, and use it to forge characters. They can then use the fake credit cards to make purchases and withdraw cash from the bank accounts of other social media users, to finance terrorism.

Property stalking is also a severe social media issue relating to cybercrime. Social media facilitates the transmission of harmful programs such as computer viruses malware, and ransomware, among others. Cybercriminals create such programs and attach them to posts and ads in such a way that if a social media platform user clicks, downloads, or opens a link with those malicious files, their computer gets affected.

The criminals create different files with different aims, sabotage, data mining, or financial gain. In most cases, criminals use ransomware for monetary gain. Ransomware conceals essential information from the computer owner. Therefore, the owner has to pay for the decryption of his data. On the other hand, cybercriminals use social media platforms to send malicious software that assists them in data mining and vandalism. They use the software to crack or hack into their targets’ computers.

Cyber-stalking and defamation is also a cybercrime that closely relates to social media. People consider social media as a better way to speak their minds. However, cybercriminals take it as a way to deliver defamatory content. In this case, criminals use defamatory materials to cyber-stalk their targets. Cyber-stalking refers to the use of the internet, and social media networks, as a medium of sending threatening materials to frighten or harass the recipient. The cybercriminals may create defamatory content on their target. They may then contact the target threatening to post these contents on the social media platforms. Here, the victim is forced to do as the criminals instruct them to do. Mostly, these criminals target reputable persons such as politicians.

The threat from using third-party applications is the impact of social media on the cybercrime that commonly affects youth. Almost every social media platform requires their users to enter their personal information while signing in. Some of these platforms have secure users’ data privacy. Hence, it is difficult for the intruders to access that info. Cybercriminals use third-party applications to access the information they need. Third-party applications may include games, and music apps, among others. They seek permission to access users’ data from social media platforms. Some of these applications may download malware. The cybercriminals may, therefore, use this malware to steal the relevant information they need when the user grants permission.

Privacy infringement also affects cybercrime. Most social media platforms give their user the privilege to choose the level of privacy of their personal information. When the user sets the default setting as public, the info is left accessible to everyone. Therefore, it is easy for criminals to access that information.

The users’ trust in social media networking site operators and strangers poses a potent effect of social media on cybercrime. Personal information and the content users post on social media are usually accessible to the operators. The gen can be available to the operators even after deletion. Some of these operators are not trustworthy. They can misuse or trade users’ data. Some users also offer trust to strangers quickly. Accepting friend requests from unknown people exposes a user to cyber-crime,

In conclusion, social media is the principal cause of the widespread cybercrime. It is changing to a gold mine of cybercriminals. It is not only a data mining site but also a market site where criminals trade information illegally. Its security vulnerability and users’ ignorance make it more favorable for cyber-crime.      

Impact of Jurisdiction on Cybercrime Prosecution

In the prosecution of cybercrime one of the most problematic issues is jurisdiction. Cybercrime presents difficulties in prosecution because it’s borderless. Cyberspace has made it possible for criminals to commit crimes anywhere in the world with ease of movement across geographic borders unmatched by law enforcement. Many of these criminals are not committing crimes in their country of origin which presents a challenge for law enforcement to apprehend them from a country, state, or nation where they have no jurisdiction.

Four examples of criminals who have committed cybercrimes in the U.S from other countries are Aleksandr Andreevich Panin, Hamza Bendellad, Julian Paul Assange Hawkins, and Gary McKinnon. Aleksandr Andreevich Panin and Hamza Bendellad were two hackers operating out of Russia and Algeria who created a malicious software called SPYEYE, which was designed to automate the theft of confidential, personal and financial information, such as online banking credentials, credit card information, usernames, passwords, PINs, and other personally identifying information. After a lengthy investigation the Federal Bureau of Investigation (FBI) confiscated the server located in Atlanta that had been used to distribute SPYEYE. The location of the Server used in the crime determined where court was held. Panin was apprehended at an Airport in Atlanta while Bendellad was arrested in Thailand and extradited to the United States. Unfortunately for law enforcement cooperation from host nations where the U.S has no jurisdiction are not always as easy as it was in the SPYEYE case.

Another instance where jurisdiction in the prosecution of cybercrimes becomes difficult is when a criminal from another nation commits a cybercrime in the US and then requests asylum to prevent extradition as it was in the cases of Julian Paul Assange Hawkins and Gary McKinnon. Julian Assange was an author, publisher and activist who was the creator of the website Wikileaks and was charged for publishing documents and videos that violated the Espionage Act of 1917 which carries a maximum sentence of 170 years in prison. During the time the U.S sought his extraditions to go on trial for his crimes he was also charged with sexual assault by Sweden who issued an international warrant for his arrest. After finding out about the charges Sweden brought against him Assange would turn himself in to U.K authorities. After failed attempts to fight the extradition to Sweden he sought Asylum in the Ecuadorian Embassy in London. A United Nations panel determined that Assange had been arbitrarily detained and recommended his release and compensation for deprivation of liberty. This ruling would be rejected by both the U.K and Sweden who would arrest him if he left the Embassy. After his Asylum was revoked by Ecuador he was arrested by the U.K authorities and tried for violating the Bail Act of 1976 and breaching the conditions of his bail prior to his Asylum. Julian Assange would only serve half of his sentence for breaching his bail agreement and is currently still in litigation surrounding how a conviction would affect his poor health.

In a similar case Gary McKinnon who was a systems administrator in London hacked into ninety-seven U.S Military and NASA Computers in 2001 damaging networks and viewing classified material. If convicted, he would have been sentenced to serve up to 70 years in Prison. Gary McKinnon was indicted by a federal grand jury in the Eastern District of Virginia but remained in the U.K during extradition hearings. Much like the Julian Assange case Gary McKinnon would prevent his extradition by multiple appeals until finally on 16 October 2012, the then-Home Secretary Theresa May announced to the House of Commons that the extradition would be blocked, saying that “Mr. McKinnon is accused of serious crimes. But there is also no doubt that he is seriously ill. He has Asperger’s syndrome, and suffers from depressive illness. Mr. McKinnon’s extradition would give rise to such a high risk of him ending his life that a decision to extradite would be incompatible with Mr. McKinnon’s human rights”.

Many other issues affect jurisdiction that are not restricted to physical locations such as what court has the Jurisdiction and authority to render judgements of cybercrimes or whether the crime committed is a civil or federal, or regulatory offense. Interagency conflict also arise as to who gets to apprehend and file charges against offenders. For example, when hacker Andrew Alan Escher Auernheimer was being served a warrant for identity fraud and conspiracy by the FBI and local law enforcement, cocaine, ecstasy, LSD, and schedule 2 and 3 pharmaceuticals were found in his possession, and so he was also charged for drug possession. While he was out on bail, he protested the legality of his arrest and the drug charges were dropped. Though he would be convicted and sent to prison, during his appeal it was found that since Auernheimer was located in Arkansas at the time of the crime, and the servers that he and his co-conspirator accessed were physically located in Dallas, Texas and Atlanta Georgia, the prosecution had no justification for bringing the case against Auernheimer in New Jersey thereby the Third Circuit federal appeals court issued an opinion vacating Auernheimer’s conviction, on the basis that the New Jersey venue was improper.

The examples given are but a few of the many examples of why jurisdiction is a critical and alarming issue in cybersecurity. The laws created for cybercrimes are not keeping up with technological advances or criminals’ abilities to circumvent the laws by finding legal loopholes in a broken system. Though Interpol helps to facilitate cross border investigations and apprehension of persons of interest, it must abide by the laws and decisions of the host state or nation. Perhaps increasing the intervention of the International Court of Justice or the Council of Europe’s Cybercrime Convention in matters concerning International crime would reduce cross border cybercrimes. Creating national and global laws that address who gets priority of prosecution in crimes committed in multiple jurisdictions that span different states or countries is paramount. Finally, in addition to reviewing and improving cybercrime laws, an increased effort needs to be made to promote education in cyber law to improve the efficiency of the justice system in the area of cybercrime for future lawmakers and citizens.

The Importance of Cybersecurity for Businesses

Cybersecurity is a growing field, where there are always new advances being made. Security forces continue to rapidly evolve in our technological world. Cybersecurity is the way of protecting electronic data which can be accessed through various networks and technology. Cybersecurity also protects from the access of unauthorized users from our email passwords, internet network, and the bank’s security on online banking. The reliance on electronic systems and networks has accelerated throughout history. We are in a digital era where is it important to be knowledgeable about how to protect ourselves and others. However, no one is immune to cyber-attacks and we must acknowledge this. Anyone can be attacked at any time. Users and companies need to be diligent in updating their information and keeping people aware. Three breaches occurred in the 21st century that made history in the cybersecurity world. These attacks occurred to three big-time corporations. They were Adobe in 2013, TJX in 2006, and lastly Enron in 2001. Data breaches can happen to anyone at any time.

Adobe is an American computer software company. Their company was attacked on October 3, 2013. This breach caused about 3 million credit card records to be stolen along with the data login information from tens of millions of users (Krebs on Security, 2013). Adobe was reluctant at first to announce the true number of users impacted and did not inform authorities at the time of the breach. Their company made a report that only three million users had been affected. However, the real number was around 38 million. The breach involved the thefts of security codes on various Adobe platforms. These platforms were the Adobe Acrobat, Adobe Reader, ColdFusion, and Adobe Photoshop. It was determined that Adobe was aware that the security protection their company was using at the time was very poor. “Adobe used the same encryption key for all passwords’ (Krebs on Security, 2013). They had never updated their encryption system and had never dismantled their old server. Because Adobe made this careless mistake “US District Judge Lucy Koh rejected Adobe’s request to dismiss the action because the impact on users was ‘very real’ despite the plaintiff’s inability to prove Adobe failed to inform them of the breach fast enough” (Pauli, 2015). This old server was how the hackers found their way into the Adobe system. The security breach was discovered by a security blogger who had found an anonymous post on a hacking forum (BBC, 2013). These forums can occur on the black web where hackers sell people’s information for a profit. After the attack had occurred Adobe made contact with users whose information was stolen. Adobe just urged its users to change their passwords. Adobe needs to be diligent on these types of updates and protecting its customer’s information. There was no sign that there was unauthorized activity on affected user’s accounts. Adobe had offered a years’ worth of credit monitoring to users whose credit card data was breached in response to the attack. However, it was discovered that there was a chance that the data that was corrupted could allow for hackers to “allow programmers to analyze how Adobe’s software works and copy its techniques” (BBC, 2013). For the future Adobe requires a subscription model. This model would require credit information in order for a user to be eligible for upgrades. This update created a second form of security for users. Adobe was able to update its security force to recover from this attack. However, Adobe had to pay close to 1.8 million dollars (Pauli, 2015) in attorney fees. Adobe agreed to settle the legal battle for an undisclosed amount of money.

TJX is an American company known for its low-price department store shopping. They had a data breach that occurred in mid-2005. The stores that were affected were T.J. Maxx, Marshalls, and HomeGoods. However, at first, this company refused to divulge the true size of its data breach. TJX kept their security information breach for more than two months. No one was identified or arrested for this data breach. TJX should have notified the users that were attacked immediately. The information that was breached was very crucial. If users were identified earlier, it could have saved private information from being stolen. The user could have stalled and notified their banks. The company announced that around 94 million (Vijayan, 2007) credit/debit card numbers were stolen from one of their systems. The data breach was noticed when there was a suspicious software installed on their computer systems. This is how the hacker was able to gain information from the shoppers. This data breach was extraordinary. Data was stolen from various users from multiple countries. These countries include the United Staes, Canada, Puerto Rico, United Kingdom, and Ireland. It allowed for access to user’s credit information. “The depositions say fraud-related losses of Visa cards range from $68 million to $83 million and will rise as thieves continue to use data from compromised cards” (Swartz, 2007). This attack caused banks of the users to block and reissue thousands of payments. The attack pushed TJX to update their security systems. They began to mask credit PIN data. They also frequently check transaction information to make sure there is no suspicious activity is occurring. TJX faced numerous lawsuits in conclusion to this data breach. The company paid $5 million (Vijayan, 2007) concerning the breach. However, it is unknown the total amount of money the company was ordered to pay.

Myspace who is an American social networking service, found themselves a victim of a historical attack in 2013. There were around 360 million (Bicchierai, 2016) user account was leaked and sold on the dark web. The data that was breached included email addresses, passwords, and usernames. Myspace wasn’t aware of the attack, so it is unknown when the data was exactly stolen. However, when Myspace was notified of the hack users were kept in the dark for a while. The hackers were identified as Peace and an operator of LeakedSource. The data was uploaded on the black web where it was traded and sold to numerous individuals. “Peace was asking for 6 Bitcoin (roughly $2,800) for the stolen passwords and emails” (Bicchierai, 2016). The passwords were hashed with the ‘SHA1 algorithm’ (Bicchierai, 2016). However, this algorithm is known to be weak and easy to crack. Myspace also did not salt their passwords making it easier to hack. Salting is used in password hashing which makes it harder for hackers to gain access and information. Myspace ordered their user to change their passwords after the attack. The company also updated their algorithms to stop future attacks and started to salt their passwords. In the future, Myspace should be diligent on keeping their users informed when attacks occur. This would create the user to take action and protect their private information.

Data breaches can occur at any moment and to any person. With increasing technology, hacking is becoming more prominent. As we can see, cyber-attacks can be detrimental and has everlasting effects. Information like passwords, credit card access, login IDs, and email passwords can be stolen in the blink of an eye. Big-time corporations must keep up with their security systems. Individuals want to be able to trust companies with their personal information. It is important that we as users are aware of these attacks and that changing our passwords and information can help reduce the impact of the attacks. Adobe who was hacked in 2013 but made great strides to gain the trust of its users again. They updated their security forces and required future subscriptions to be made to gain access to accounts. Companies like TJX updated their PIN data as well as frequently checking transaction history for suspicious activity. Myspace updated their algorithms so it wouldn’t be easy for a hacker to gain access to users’ personal information. These three companies took hard hits to their security forces. But they took action in correcting their mistakes and updating their security for their users. These companies need to admit to their failures and learn from them. We can use these hacking experiences and learn from them for the future. Companies can use these examples to create protective steps and measure when an attack occurs. They should have backup plans created to follow when attacks are made. However due to the technological advances being made daily; cybersecurity is becoming an increasingly important topic. Cyberattacks are becoming more prominent due to access to technology and information. Users need to be aware of in order to protect themselves.