Real Life Cyber Crime
1) Identity Theft
Identity theft is the act of obtaining another person's personal information to assume their name and identity. People all over the world have suffered through this ordeal with a slim chance of getting justice. The United Arab Emirates has been severely affected by these crimes in recent years. In 2017, 3.72 million customers lost approximately DH3.86 billion, equivalent to $1.05 billion, to cybercrime (Bendovschi, 2015). For instance, the Bollywood actress Ruchika Panday was shocked in 2019 when her debit card was declined for insufficient funds. Ruchika, who had recently sold her Dubai apartment for DH 800,000 and deposited the money in her Dubai bank account, was left almost penniless (Grabosky, Zhong, & Chang, 2018). The incident occurred when someone convinced her mobile operator to issue them a replacement SIM in her name. This SIM was later used to drain Ruchika's account, leaving her bankrupt. One of the security vulnerabilities exploited by hackers is the lack of privacy around their victims' personal information.
One way people can protect themselves is to ask for clarification when, for instance, real estate agents request their personal information (Räsänen, Keipi, Oksanen, & Näsi, 2015). Clients have the right to know how this information will be used, shared, and protected by the company. It is also crucial for people to give out personal information only when necessary. Another way of preventing identity theft is to dispose of sources that contain personal data. People engaging in online business should avoid transacting with people or firms they have little or no information about. People should be entirely sure and aware of whom they do business with online, since one could easily be duped (Nowacki & Willits, 2016; Higgins & Marcum, 2019).
The internet has increased the efficiency of conducting business transactions, among other activities, but poses a risk of identity theft. Several online businesses have also emerged, increasing the risk of fraud significantly. Companies have developed ways of protecting clients' personal information to avoid identity theft. One technical issue I learned is that companies can instill various measures to protect their clients. Standard Chartered Bank, for example, has put several controls in place that apply before customer-initiated transactions are processed. These include passwords that must meet specific criteria and risk-based authentication to prevent unauthorized access by hackers (Yar & Leukfeldt, 2016). Other firms should emulate the bank's example and put in place measures that will reduce the occurrence of fraud. Seeking justice for identity theft is almost impossible; hence it is up to every individual to protect themselves from such crimes. There are many unresolved cases in the UAE concerning identity theft because it is difficult to trace those involved in the crime. My opinion on identity theft is that the responsibility of protecting an individual against identity theft, therefore, falls solely on the individual.
Fig 1: A graphic of identity theft
Fig 1: Bocetta, Sam (2018) datafloq Retrieved on April 14, 2020
ARTstor https://datafloq.com/read/difference-between-big-data-identity-theft/5646
2) Breach of Information
Breach of information is another form of cyber-crime, in which hackers gain unauthorized access to information to commit fraud or theft. An example of this crime is a hack conducted by Paige Thompson, who worked as a software engineer at Amazon Web Services. In March 2019, through a successful hack, Thompson gained access to over 100 million financial records (Werners, Schilling, & Konradt, 2016). The security vulnerability exploited by Thompson was a misconfigured web application firewall, which she used to obtain the information. This act of negligence by Capital One put its clients at risk and raised significant concerns among Americans. Capital One later reported that it had fixed this vulnerability to avoid future hacks.
The security breach at Capital One was blamed on Thompson. It is alleged that the information was obtained from a directory on the company's servers using a select command. The former employee of Amazon Web Services made little effort to conceal her identity, posting the information on GitHub under her first, second, and last names. According to an FBI agent investigating the case, Thompson had tweeted that she wanted to post a list of social security numbers with full names and dates of birth. The firm learned of the hack from a person who had seen the information on GitHub. The company reported the case to the FBI, which found evidence after searching Thompson's premises. Thompson was arrested and acknowledged her offense of violating the privacy of Capital One clients.
The Capital One cyber-attack raised several concerns among Americans, who felt that changes were needed to secure client information. For instance, the use of social security numbers as IDs puts individuals at risk of cyber-crime because of the occasional need to share the name. Clients have also become reluctant to trust banks to protect their information. The Thompson incident at Capital One proved that banks are negligent and can expose their clients to cyber-crime. The bank's failure to configure and secure its system put its clients at risk of losing vast sums of money. It is, therefore, crucial for banks and other firms to ensure the safety of client information by putting the necessary measures in place. Americans also feel that Congress should be involved in fighting data breaches. Proper legislation should be enacted to reduce the occurrence of cyber-crimes. What I learned from this attack is that companies may expose their clients to the risk of financial losses due to inadequate security systems. In my opinion, companies should be held accountable for exposing their clients to risk, as in the case of the Capital One attack.
Fig 2: A graphic showing how hackers gain access to confidential information.
Fig 2: Taylor, Hugh (2018) prey project retrieved on April 14, 2020
ARTstor https://preyproject.com/blog/en/what-is-a-data-breach/
3) The use of the Dharma Ransomware
Dharma ransomware emerged in 2016 and has since been associated with a series of cyber-crimes. The US, for instance, has suffered several cyber-crimes, which include the takedown of hospitals. An attack starts with a phishing email that claims to be from Microsoft. Such emails may claim that the victim's PC is at risk, encouraging the user to update and verify their anti-virus using a download link. Files that include the anti-virus and the Dharma ransomware are downloaded when the user clicks the uniform resource locator (URL). When the download is complete, the Dharma software begins extracting information while the user is asked to follow a series of steps. After installation is complete, the user is confronted with a ransom note demanding payment to unlock the files. The ability of hackers to access a company's or an individual's PCs is a crucial security vulnerability concern that needs to be resolved.
A real-life example is that of a Dubai firm that was forced to halt its operations after falling victim to a ransom attack in which a hacker demanded a ransom. The incident made computers useless, and the only choice the firm had was to pay the ransom for them to start working again. The company consulted several IT experts from both India and Dubai without success. The hacker asked to be paid 300 bitcoins through an account he had provided to unlock the files. The company, however, decided not to follow through with the arrangement but instead to find an alternative solution to its problem, since there was no guarantee that the hacker would indeed unlock the files (Yar & Leukfeldt, 2016). Firms should be wary of emails and notifications they receive from fraudulent sources.
There are several ways in which individuals and firms can protect themselves from the Dharma ransomware. One way is to keep a backup of data and files that can be restored in case of a ransom attack. Ransom attacks mainly occur through remote desktop servers. Firms should, therefore, ensure that no computers running in remote locations are directly connected to the internet (Ravana, Varathan, & Al-garadi, 2016). Scanning all attachments is a necessary precaution. A firm needs to install a reliable security system that scans all files and attachments received. Taking precautions when opening files from anonymous senders is one effective way of reducing ransom attacks from hackers (Werners, Schilling, & Konradt, 2016). From the attack, I learned that firewalls could help keep the hackers away. My view on this particular attack is that people and organizations should install ransomware protection software to prevent any hackers who may want to explore their security vulnerabilities.
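As an added example (not part of the original essay), the remote-desktop precaution above can be checked by auditing inbound firewall rules for hosts that accept Remote Desktop connections from the internet. The rule format, host names and addresses are constructed for illustration, and each rule is judged on its own without modelling rule order.

```python
import ipaddress

RDP_PORT = 3389  # default TCP port of the Remote Desktop listener

# RFC 1918 ranges treated as internal; everything else counts as internet.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inbound rules in a hypothetical export format.
SAMPLE_RULES = """\
# host         action source           proto ports
ws-finance-01  allow  10.20.0.0/16     tcp   3389
branch-pc-07   allow  0.0.0.0/0        tcp   3389
branch-pc-09   allow  203.0.113.0/24   tcp   3000-4000
file-srv-02    allow  0.0.0.0/0        tcp   443
kiosk-03       deny   0.0.0.0/0        tcp   3389
"""

def parse_rule(line):
    """Split one rule line into typed fields."""
    host, action, source, proto, ports = line.split()
    low, _, high = ports.partition("-")
    return {"host": host, "action": action.lower(), "proto": proto.lower(),
            "source": ipaddress.ip_network(source, strict=False),
            "ports": (int(low), int(high or low))}

def is_internet_source(net):
    """True unless the source network lies wholly inside an internal range."""
    return not any(net.subnet_of(internal) for internal in INTERNAL_NETS)

def exposed_rdp_hosts(rules_text):
    """Return (host, source, ports) for rules that allow RDP from the internet."""
    findings = []
    for line in rules_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        rule = parse_rule(line)
        low, high = rule["ports"]
        if (rule["action"] == "allow" and rule["proto"] == "tcp"
                and low <= RDP_PORT <= high
                and is_internet_source(rule["source"])):
            findings.append((rule["host"], str(rule["source"]), f"{low}-{high}"))
    return findings

if __name__ == "__main__":
    for host, source, ports in exposed_rdp_hosts(SAMPLE_RULES):
        print(f"{host}: RDP reachable from {source} (ports {ports})")
```

The port-range rule on branch-pc-09 is flagged as well, because a range that merely contains 3389 exposes the service just as a dedicated rule does.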
Fig 3: A graphic of a ransomware attack
Fig 3: Wagner, Andrew (2017) Symantec (PSB News Hour) retrieved on April 14, 2020, ARTstor https://www.youtube.com/watch?v=PvnHu5KkWjQ
References
Higgins, G. E., & Marcum, C. D. (2019). Cybercrime. Springer Link, 459-475. doi:https://doi.org/10.1007/978-3-030-20779-3_23
Bendovschi, A. (2015). Cyber-Attacks – Trends, Patterns, and Security Countermeasures. Elsevier, 24-31. doi:https://doi.org/10.1016/S2212-5671(15)01077-1
Grabosky, P. N., Zhong, L. Y., & Chang, L. Y. (2018). Citizen co‐production of cybersecurity: Self‐help, vigilantes, and cybercrime. Wiley Online Library, 101-114. doi:https://doi.org/10.1111/rego.12125
Nowacki, J., & Willits, D. (2016). The use of specialized cybercrime policing units: an organizational analysis. Taylor & Francis Online, 105-124. doi:https://doi.org/10.1080/1478601X.2016.1170282
Räsänen, P., Keipi, T., Oksanen, A., & Näsi, M. (2015). Cybercrime victimization among young people: a multi-nation study. Taylor & Francis Online, 203-210. doi:https://doi.org/10.1080/14043858.2015.1046640
Ravana, S. D., Varathan, K. D., & Al-garadi, M. A. (2016). Cybercrime detection in online communications: The experimental case of cyberbullying detection in the Twitter network. Elsevier, 433-443. doi:https://doi.org/10.1016/j.chb.2016.05.051
Werners, B., Schilling, A., & Konradt, C. (2016). Phishing: An economic analysis of cybercrime perpetrators. Elsevier, 39-46. doi:https://doi.org/10.1016/j.cose.2015.12.001
Yar, M., & Leukfeldt, E. R. (2016). Applying Routine Activity Theory to Cybercrime: A Theoretical and Empirical Analysis. Taylor & Francis Online, 263-280. doi:https://doi.org/10.1080/01639625.2015.1012409