CYBER CRIMES

Table of Contents

Sr# Contents Page#

1 What is Cyber Crime?

2 Brief History of Cyber Crime
3 Types of Cyber Crime
Some Cyber Crimes and their Solutions
4
Cyber Crimes in Pakistan
5 Cyber Crimes & Federal Board of Investigation Pakistan
6 Functions of FIA Crime Circles
7 Intellectual Property Rights Crimes
8 FIA’s Crimes Case Summary [2005 to October 2008]
9 Pakistan’s Cyber Crime Wing
Pakistan’s Cyber Crime Bill 2007
10
How to yourself from Cyber Crimes?
11 References
12
13

M. Qavi Kaleem Khan [1]

 CYBER CRIMES

What is Cyber Crime?

Cybercrime, Computer Crime, e-crime, hi-tech crime or electronic
crime generally refers to criminal activity where a computer or network is
the source, tool, target, or place of a crime. These categories are not
exclusive and many activities can be characterized as falling in one or more
category. Additionally, although the terms computer crime and cybercrime
are more properly restricted to describing criminal activity in which the
computer or network is a necessary part of the crime, these terms are also
sometimes used to include traditional crimes, such as fraud, theft, blackmail,
forgery, and embezzlement, in which computers or networks are used to
facilitate the illicit activity. As the use of computers has grown, computer
crime has become more important.

Computer crime can broadly be defined as criminal activity involving an

information technology infrastructure, including illegal access (unauthorized
access), illegal interception (by technical means of non-public transmissions
of computer data to, from or within a computer system), data interference
(unauthorized damaging, deletion, deterioration, alteration or suppression of
computer data), systems interference (interfering with the functioning of a
computer system by inputting, transmitting, damaging, deleting,
deteriorating, altering or suppressing computer data), misuse of devices,
forgery (ID theft), and electronic fraud.

Brief History of Cyber Crime

1971

• John Draper discovers the give-away whistle in Cap'n Crunch cereal

boxes reproduces a 2600Hz tone. Draper builds a ‘blue box’ that, when
used with the whistle and sounded into a phone receiver, allows
phreaks to make free calls. Esquire publishes "Secrets of the Little Blue
Box" with instructions for making one. Wire fraud in the US escalates.
• A rogue program called the Creeper spreads through early Bulletin
Board networks

M. Qavi Kaleem Khan [2]

 CYBER CRIMES

1972

• The InterNetworking Working Group is founded to govern the

standards of the Internet. Vinton Cerf is the chairman and is known as
a "Father of the Internet”.

1973

• Teller at New York's Dime Savings Bank uses a computer to embezzle

over $2 million

1978

• First electronic bulletin board system (BBS) appears; becomes the

primary means of communication for the electronic underground..

1981

• Ian Murphy, aka. "Captain Zap“, becomes first felon convicted of a

computer crime. Murphy broke into AT&T’s computers and changed the
billing clock so that people receive discounted rates during normal
business hours.

1982

• Elk Cloner, an AppleII boot virus, is written.

1983

• Movie WarGames introduces public to the phenomenon of hacking

(actually war-dialing).
• US Secret Service gets jurisdiction over credit card and computer
fraud.

1984

• Phiber Optik forms Masters of Deception hacking group.

• US Comprehensive Crime Control Act gives Secret Service jurisdiction
over computer fraud.
• Hacker magazine 2600 begins publication (still in print; see Captain
Crunch for the derivation of the name).

1985

• Online hacking magazine Phrack established.

1986:

M. Qavi Kaleem Khan [3]

 CYBER CRIMES

• Pakistani Brain, the oldest virus created under unauthorized

circumstances, infects IBM computers.
• After many break-ins into govt. and corporate computers, Congress
passes the Computer Fraud and Abuse Act, making this a crime. The
law does not cover juveniles.

1987

• Computer Emergency Response Team (CERT) created.

1988

• Kevin Mitnick secretly monitors the e-mail of MCI and DEC security
officials. He is convicted and sentenced to a year in jail.
• Kevin Poulsen is indicted on phone-tampering charges. He goes on the
run and avoids capture for 17 months.
• First National Bank of Chicago is the victim of $70-million computer
theft.
• Robert T. Morris, Jr., graduate student at Cornell University and son of
a chief scientist at the NSA, launches a self-replicating worm (the
Morris Worm) on the government's ARPAnet (precursor to the
Internet). The worm gets out of hand and spreads to over 6000
networked computers, clogging government and university systems.
Morris is dismissed from Cornell, sentenced to three years' probation,
and fined $10K.

1989

• First large-scale computer extortion case is investigated - under the

pretence of a quiz on the AIDS virus, users unwittingly download a
program which threatens to destroy all their computer data unless they
pay $500 into a foreign account.
• Hackers in West Germany (loosely affiliated with the Chaos Computer
Club) are arrested for breaking into US government and corporate
computers and selling operating-system source code to the KGB.

1990

• The Electronic Frontier Foundation (EFF) is formed.

• Legion of Doom and Masters of Deception engaged in online warfare -
jamming phone lines, monitoring calls, trespassing in each other's
private computers.
• After a prolonged sting investigation, Secret Service agents swoop
down on organizers and members of BBS’s in 14 US cities, including
the Legion of Doom. The arrests are aimed at cracking down on credit-
card theft and telephone and wire fraud.

1991

M. Qavi Kaleem Khan [4]

 CYBER CRIMES

• Kevin Poulsen is captured and indicted for selling military secrets.

1992

• Dark Avenger releases 1st polymorphic virus.

1993

• During radio station call-in contests, hacker-fugitive Kevin Poulsen and

friends rig the stations' phone systems to let only their calls through.
They win two Porsches, vacation trips and $20,000.
• First DefCon hacker conference held in Vegas.

1994

• 16-year-old student, nicknamed “Data Stream”, arrested by UK police

for penetrating computers at the Korean Atomic Research Institute,
NASA and several US govt. agencies.
• Five members of the Aum Shinri Kyo cult's Ministry of Intelligence
break into Mitsubishi Heavy Industry's mainframe and steal Megabytes
of sensitive data.
• Hackers adapt to emergence of the World Wide Web, moving all their
how-to information and hacking programs from the old BBS’s to new
hacker Web sites.

1995

• Russian crackers steal $10 million from Citibank. Vladimir Levin, the
ringleader, uses his work laptop after hours to transfer the funds to
accounts in Finland and Israel. He is tried in the US and sentenced to
3 years in prison. All but $400K of the money is recovered.
• The French Defence Ministry admits Hackers succeeded in stealing
acoustic codes for aircraft carriers and submarines
• Movies ‘The Net’ and ‘Hackers’ released.
• Hackers deface federal web sites.
• Macro viruses appear.
• Kevin Mitnik arrested again for stealing credit card numbers. He is
jailed on charges of wire fraud and illegal possession of computer files
stolen from Motorola and SUN. He remains in jail for 4 years without
trial.

1996

• John Deutsh, CIA director, testifies foreign organized crime groups

behind hacker attacks against the US private sector.
• US Communications Decency Act (CDA) passed – makes it illegal to
transmit indecent/obscene material over Internet.
• Canadian hackers (the ‘Brotherhood’) break into CBC.
• South Korean media reports that North Korean government officials are
engaging in efforts to obtain foreign proprietary technology through

M. Qavi Kaleem Khan [5]

 CYBER CRIMES

indirect methods.Bell Research Labs in the US announce they have

found a way to counterfeit the electronic money on smart cards.
• The US General Accounting Office reports hackers attempted to break
into Defense Dept. computer files 250,000 times in 1995. About 65%
of these attempts were successful.

1997

• Freeware tool AOHell is released - allows unskilled hackers (script

kiddies) to wreak havoc on America Online.
• US Supreme court strikes down Communications Decency Act (CDA).
• America On-line (AOL), one of the largest Internet service providers in
the US, cuts direct access for its users in Russia due to the high level
of fraud.
• The German Chaos Computer Club claims it was able to penetrate
Microsoft's Internet software and the financial management program
Quicken, and transfer money between accounts without either the
account holder or bank realizing the transaction was unauthorized.
• FBI’s National Computer Crimes Squad reports 85% of companies have
been hacked, and most never know it.

1998

• Hacking group Cult of the Dead Cow releases a Trojan horse program
called Back Orifice at Defcon. Once installed a Windows 9x machine the
program allows for unauthorized remote access.
• Timothy Lloyd is indicted for planting a logic bomb on the network of
Omega Engineering, causing millions in damage.
• Hackers alter The New York Times Web site, renaming it HFG (Hacking
for Girlies).
• During heightened tensions in the Persian Gulf, hackers break-in to
unclassified Pentagon computers and steal software programs.
• Information Security publishes its first annual Industry Survey, finding
that nearly three-quarters of organizations suffered a security incident
the prior year.
• L0pht testifies to the senate that it could shut down nationwide access
to the Internet in less than 30 mins.

1999

• The Melissa worm is released and becomes the most costly malware
outbreak to date (Mar).
• US Defense Dept. acknowledges 60-80 attacks per day (Mar)
• Kevin Mitnick, detained since 1995 on charges of computer fraud, signs
plea agreement (Mar).
• The April 26 CIH virus strikes individual PC users around the world.
Less common than Melissa, CIH was intended to overwrite hard drives,
erasing everything on them (Apr)

M. Qavi Kaleem Khan [6]

 CYBER CRIMES

• The US Justice Dept. declines to prosecute former CIA Director John

Deutch for keeping 31 secret files on his home computer after he left
office in 1996 (Apr)
• David Smith pleads guilty to creating and releasing the Melissa virus.
It's one of the first times a person is prosecuted for writing a virus
(Dec).

2000:

• Russian cracker attempts to extort $100K from online music retailer

CD Universe, threatening to expose thousands of customers' credit
card numbers. He posts them on a website after the attempted
extortion fails.
• Barry Schlossberg (aka. Lou Cipher) is successful at extorting 1.4M
from CD Universe for services rendered in attempting to catch the
Russian hacker. (Jan)
• Denial of Service (DoS) attacks by ‘Mafia Boy’ on eBay, Yahoo! and
other popular sites render them temporarily unavailable to their users
(and cause those companies significant financial losses) (Feb)
• Activists in Pakistan and the Middle East deface Web sites belonging to
the Indian and Israeli govts. to protest oppression in Kashmir and
Palestine.
• Hackers break into Microsoft's corporate network and access source
code for the latest versions of Windows and Office software.
• A news release issued by Internet Wire, and reported by Bloomberg
and other news organizations, causes Emulex stock to plunge from
$110 a share to $43 on the NASDAQ exchange in minutes. A former
Internet Wire employee, believed to have authored the bogus story,
faced charges and is alleged to have pocketed $241,000 short-selling
Emulex shares that day (Aug).
• Distributed Denial of Service (DDoS) attacks are launched against :
Yahoo, eBay, CNN.com, Amazon.com, Buy.com, ZDNet, E*Trade, etc.
• Pres. Clinton says he doesn't use e-mail to communicate with his
daughter Chelsea at college, because he doesn't think the medium is
secure.
• The "I Love You" virus spreads quickly by causing copies of itself to be
sent to all individuals on the affected computer’s address book (by
attaching VBScript executable code to e-mails) (May).
• SANS releases its first "Top 10 Vulnerabilities" list, denoting the most
prevalent problems exploited by hackers.
• Kevin Mitnik is released from prison (Jul).
• FBI establishes fake security start-up company in Seattle and lures two
Russian citizens to U.S. soil on the pretense of offering them jobs, then
arrests them. The Russians are accused of stealing credit card
information, attempting to extort money from victims, and defrauding
PayPal by using stolen credit cards to generate cash. (Nov)

2001

• Microsoft falls victim of a new type of attack against domain name

servers, corrupting the DNS paths taking users to Microsoft's Web

M. Qavi Kaleem Khan [7]

 CYBER CRIMES

sites. This is a Denial of Service (DoS) attack. The hack is detected

within hours, but prevents millions of users from reaching Microsoft
Web pages for two days.
• The L10n worm is discovered in the wild attacking older versions of
BIND DNS.
• Dutch cracker releases Anna Kournikova virus, initiating wave of
viruses tempting users to open infected attachments by promising a
sexy picture of the Russian tennis star (Feb).
• FBI agent Robert Hanssen is charged with using his computer skills and
FBI access to spy for Russia (Mar).
• Code Red, the first polymorphic worm, infects tens of thousands of
machines (Aug).
• Spurred by rising tensions in Chinese-American relations, US and
Chinese hackers engage Web defacement skirmishes. (May)
• Antivirus experts identify Sadmind, a new cross-platform worm that
uses compromised Sun Solaris boxes to attack Windows NT servers.
(May)
• Russian programmer Dmitry Sklyarov is arrested at the annual Defcon
hacker convention. He is the first person criminally charged with
violating the Digital Millennium Copyright Act (DMCA). (Jul)
• The Nimda memory-only worm wreaks havoc on the Internet, eclipsing
Code Red's infection rate and recovery costs. (Sept)
• Napster shuts down after legal challenges from the recording industry
and Metallica.
• The 9/11 World Trade Center and Pentagon terrorist attacks spark
lawmakers to pass a barrage of anti terrorism laws (incl. the Patriot
Act), many of which group Hackers with terrorists, and remove many
long standing personal freedoms in the name of safety.
• Microsoft and its allies vow to end "full disclosure" of security
vulnerabilities by replacing it with "responsible" disclosure guidelines.
• EU publishes report on its investigation of the ECHELON system,
purportedly used by the US, UK, Canada, Australia and NZ to spy on
radio, telephone and Internet communications. Meant for military and
defense use, there is suspicion it is being used to invade personal
privacy and for commercial spying.
• EU adopts a controversial cybercrime treaty which makes the
possession and use of hacking tools illegal (Nov)

2002

• Bill Gates decrees that Microsoft will secure its products and services,
and kicks off a massive internal training and quality control campaign
(trustworthy computing) (Jan)
• An Information Security survey finds that most security practitioners
favor full disclosure since it helps them defend against hacker exploits
and puts pressure of software vendors to improve their products.
• Roger Duronio, UBS PaineWebber sys-admin, plants a logic bomb
which costs $3M+ in losses/repairs (Mar)
• The Klez.H worm becomes the biggest malware outbreak in terms of
machines infected, but causes little monetary damage (May).

M. Qavi Kaleem Khan [8]

 CYBER CRIMES

• Shadowcrew's Web site appears, with forums for information on

trafficking in personal information (Aug)

2003

• SQL Slammer, targeting MS SQL Server, becomes fastest spreading

worm in history (Jan).
• U.S. convicts Kazakhstan cracker of breaking into Bloomberg L.P.'s
computers and attempting extortion (Feb).
• Former employee of Viewsonic arrested, charged with hacking into
company's computer and destroying data. (Feb)
• MS Blaster worm and variants (Welchia) released, arrests follow (Aug).
• A worm disables critical safety systems at a nuclear power plant in
Ohio (Aug).
• RIAA (Recording Industry Association of America) sues 261 people for
distributing MP3s over P2P networks (Sep).
• U.S. Justice Department announces more than 70 indictments and 125
convictions or arrests for phishing, hacking, spamming and other
Internet fraud as part of Operation CyberSweep. (Nov)
• Microsoft offers $250K each for information leading to the arrest and
conviction of those responsible for unleashing the MSBlast.A worm and
Sobig virus (Nov)
• Two men hack into wireless network at Lowe's store in Michigan and
steal credit card information (Nov).

2004

• Brian Salcedo sentenced to 9 years for hacking into Lowe's home

improvement stores and attempting to steal customer credit card
information. Prosecutors said three men tapped into the wireless
network of a Lowe's store and used that connection to enter the
chain's central computer system in NC, installing a program to capture
credit card information.
• Multiple variants of MyDoom worm released to launch DoS attacks
against SCO and Microsoft. Netsky, Sasser, Bagel, Sober follow (Feb).
• Secret Service seizes control of the Shadowcrew Web site and arrests
28 people in 8 states and 6 countries. They are charged with
conspiracy to defraud the US. Nicolas Jacobsen, is charged with
hacking into a T-Mobile computer system, exposing documents the
Secret Service had e-mailed to an agent. (Operation Firewall, Oct)
• CERT stops tracking number of security incidents.
• US CAN-SPAM act passed to prosecute spammers. Jeremy Jaynes &
Jessica DeGroot first to be convicted under CAN-SPAM act (Jaynes
sentenced to 9 years). (Nov)

2005

• Netcraft survey estimates more than 60M web sites online.

• Paris Hilton’s T-Mobile phone is hacked, and photos and celebrity
private phone numbers posted on Web (Feb).

M. Qavi Kaleem Khan [9]

 CYBER CRIMES

• Choicepoint acknowledges that thieves posing as legitimate

businessmen accessed 145K consumer records, including credit reports
and Social Security Numbers. (Feb)
• Bank of America has 1.2M names and Social Security numbers stolen
(Feb).
• Juju Jiang sentenced to 27 months for installing keyloggers at Kinkos
locations in NY; used confidential information to access individual bank
accounts (Feb)
• FBI's e-mail system is hacked (Feb)
• Lexis Nexis announces hackers have stolen private information on 32K
people, including Social Service Numbers (SSN’s) and passwords (Mar)
• Undisclosed application security issue on Cisco's site forces global
password reset (Mar)
• DSW/Retail Ventures – 100,000 accounts hacked; Boston College –
120,000 accounts hacked (Mar)
• BJ’s Wholesale Club – information on 40K credit cards stolen from
outsourcer IBM (Mar).
• Keystroke loggers are used in heist at Sumitomo Mitsui Bank in London
almost nets thieves £220M (Mar)
• Lexis-Nexis – another 280,000 account passwords compromised (Apr).
• Polo Ralph Lauren/HSBC – 108,000 accounts hacked; DSW/Retail
Ventures – 1.3M more accounts hacked (Apr)
• Wachovia/Bank of America/PNC Financial Group/ Commerce Bancorp –
insiders hack 670K+ accounts (Hackensack) (Apr)
• The Samy worm at MySpace makes everybody Samy’s friend (Apr)
• Tel Aviv Magistrate's Court remanded several people from some of
Israel's leading commercial companies and private investigators
suspected of commissioning and carrying out industrial espionage
against their competitors, which was carried out by planting Trojan
horse software in their competitors' computers. (Apr)
• CardSystems admits hackers planted virus and accessed 14M credit
card numbers (potentially 40M); company folds (Jun)
• Boston College - 120K accounts hacked (Mar); Tufts University – 106K
accounts hacked (Mar); University of Hawaii – insider compromises
150K accounts (Jun); University of Connecticut – 72K accounts hacked
(Jun); University of Southern California – 270K accounts hacked
(Jul); University of Utah – 100K accounts hacked (Aug).
• Allan Carlson convicted of computer and identity fraud, sentenced to
48 months; spoofed e-mails complaining about poor performance of
Philadelphia Phillies (Jul)
• Canada's 'Prince of Pot', Marc Emery, is arrested on a US
indictment charging him with selling millions of dollars worth of
marijuana seeds over the Internet to customers throughout the US
(Jul)
• US Air Force – 33,300 accounts hacked (Aug)
• Zotob worm attacks Windows 2000 computers (Aug)
• Microsoft wins $7M settlement against Spam king Scott Richter, plus
promise to stop future spamming (Aug)
• Insufficient authorization on Verizon's MyAccount feature allows users
to view each other’s information (Aug).

M. Qavi Kaleem Khan [ 10 ]

 CYBER CRIMES

• 3,800 customer credit-card numbers stolen in attack on Guidance

Software web site (Nov)
• Janus Mutual Fund uses predictable identifier to authenticate its share
holders, enabling them to vote for others (Dec).
• Breaches at Sam’s Club, OfficeMax and an unnamed ATM network
result in an increase of debit card fraud.
• Chinese cyber-espionage ring code-named ‘Titan Rain’ hacks into US
military bases, defense contractors and aerospace companies.
• Equifax and TransUnion, Canada’s main credit bureaux, receive an
average of 1,600 calls / month regarding the theft of financial or
credit information.
• Information warehousing companies (Choicepoint, Lexis Nexis,
CardSystems, Equifax, TransUnion) are popular targets since they
possess volumes of information on private individuals.
• PhoneBusters reports 11K+ Identity Theft complaints in Canada, and
total losses of $8.5M, making this the fastest growing form of
consumer fraud in North America.

2006

• Hackers break into Department of Homeland Security computers,

install malware, and transfer files to a remote Chinese-language Web
site; Unisys (the contractor) charged with covering up the intrusion.
• HP Chair Patricia Dunn uses pretexting to obtain home phone records
of board of directors. (Sep)
• Bulk e-mailer Scott Levine of Snipermail.com gets 8 year prison
sentence for stealing more than 1B personal records from Acxiom, a
data repository company (back in ’05).
• Private information of Canadian gun owners exposed on Canadian
Federal Gun Registry (Mar).
• Stolen Boeing laptop exposes personal information on 3.6K employees
(Apr).
• Ohio University alumni relations server compromised and 137K SSN’s
stolen (April); separate hacks in May lead to further thefts.
• Westjet settles with Air Canada for $15.5M, concluding a lawsuit Air
Canada filed in 2004 accusing its rival of illegally accessing confidential
data from an employee website (May).
• US Dept. of Veterans’ Affairs information stolen from employee’s home
(28M identities stored on laptop) (May); an additional 2.1M added to
list in June; laptop recovered in June; FBI claims no data stolen.
• Personal information of Humana Medicare customers compromised
when insurance company employee called up the data through a hotel
computer and then failed to delete the file (17K) (June) .
• Hackers access credit card and other personal information of
customers who purchased DSL equipment from AT&T's online store
(20K) (Aug).
• Hacker accesses Linden Lab’s Second Life database and steals
unencrypted account names, real life names and contact information,
and encrypted passwords and payment data. Second Life is a 3-D
virtual world. (Sept).

M. Qavi Kaleem Khan [ 11 ]

 CYBER CRIMES

• Hackers seize control of 78 BC government computers for two months

before being detected. They loade porn movies on to the computers,
using the government's network as part of a pay-for-porn business.
(Feb)
• Fedex exposes 8.5K W2 employee tax forms (Feb).
• A bank machine in Virginia Beach is reprogrammed to dispense $20
bills in place of $5 bills. The machine was left this way for 9 days
before someone mentioned the discrepancy to the store clerk. (Aug)
• Alabama nuclear power plant shut down due to excessive network
traffic (Aug)
• According to a Gartner study, the 1.5M Americans were victims of
Identity Theft in 2006 victim. Every minute 28½ people become
victims, or a new victim approx. every 2 seconds.

2007

• Retailer TJMaxx (Winners, Homesense) notifies consumers that server

breaches between July 2005 and January 2007 had exposed personal
data (45M+ debit and credit cards, $180M direct cost so far) (Jan).
• Payment services firm MoneyGram notifies consumers that server
breaches exposed personal data (80K) (Jan).
• Nokia Canada Web Site defaced using an XSS attack (Jan).
• A priority code used to get a free platinum pass to MacWorld was
validated on the client, enabling anyone get free passes (Jan) (A
similar hack works in 2008).
• Online payment services firm E-Gold charged with money-laundering
(Apr) (convicted in 2008)
• AG’s from several US States demand that NewsCorp’s social
networking site MySpace provide list of sex offenders who have
registered at the site (May).
• The Chinese government and military are accused of hacking other
nations’ networks, including US pentagon networks, and German and
UK government computers.
• DoS attacks are launched against various government websites in
Estonia, including the country’s police, Min. of Finance and parliament
(May).
• Oracle files lawsuit against SAP, charging that the company's
TomorrowNow subsidiary had inappropriately downloaded software
patches and documents from Oracle's online support service (Mar).
• Monster.com and other job sites are hacked and resume information
stolen (Aug).
• Hackers post sensitive information on 1.2K e-Bay users to forum for
preventing fraud on the auction site (Sep)
• TD Ameritrade announces that a compromised company computer had
leaked the e-mail addresses of all its 6.3M customers from July 2006
(used for pump and dump spam). E*Trade suffers from similar attack
(Sep).
• US Secret Service arrest security consultant Max Ray Butler (‘Max
Vision’) for managing an identity theft ring on the online credit-
counterfeiting forum, CardersMarket (Sep)

M. Qavi Kaleem Khan [ 12 ]

 CYBER CRIMES

• A known vulnerability in the helpdesk software used by hosting

provider Layered Technologies results in information leakage, including
names, addresses, phone numbers and email addresses of up to 6,000
of the company's clients (Sep).
• A hacker exploits a leftover admin function on eBay to block users and
close sales (Oct).
• The Storm Worm (a bot program first spotted in Jan), continues to
spread spam, promote pump&dump schemes; hides bot computers
with DNS fluxing, launches DoS attacks against machines probing its
bots.
• Russian Business Network (RBN) offers bulletproof hosting, allowing
sites which host illegal content to stay online despite legal takedown
attempts. Sept’s attack on Bank of India, various MPack attacks use
RBN services. (Oct)
• A flaw in Passport Canada's website allows access to the personal
information - social insurance numbers, dates of birth and driver's
licence numbers - of other people applying for new passports (Nov).
• Infamous Russian malware gang RBN use SQL injection to penetrate
US government sites (Nov).
• A vulnerability in WordPress allows spammers to penetrate Al Gore’s
web site, modify pages, and post spam comments (Nov)
• John Schiefer (LA) admits to using botnets to illegally install software
on at least 250K machines and steal the online banking identities of
Windows users. (Dec)

2008

• FTC settles with “Life is Good” (www.lifeisgood.com), which exposed

credit card information due to SQL Injection flaw (Jan)
• Login page of Italian bank (Banca Fideuram) replaced using XSS (Jan)
• RIAA website DoS’ed, then defaced, using SQL Injection&XSS (Jan)
• CSRF used to hack a Korean e-commerce site (Auction.co.kr) and steal
information on 18M users (Feb)
• MySpace and FaceBook private pictures exposed on-line using URL
manipulation (Jan & Mar)
• Hackers steal 4.2M card numbers of Hannaford shoppers, resulting in
over 2000 fraud cases (Mar)
• SQL and iFrame Injection are used to add Javascript code to websites
which then download viruses and other malware from hacker sites
when browsed. Search Engine Optimization (SEO) techniques result in
infected pages being placed high on Googles’ search results. Affected
sites number in excess of 200K. (Mar)
• Just before the Pennsylvania Democratic Primary, XSS is used to
redirect users of Barack Obama’s website to Hillary Clinton’s (Apr)
• US Federal prosecutors charge parent who allegedly badgered a girl to
suicide on MySpace with three counts of computer crime (conspiracy
and hacking) (May)
• Radio Free Europe hit by DDoS attack (May)
• Online payment service E-Gold pleads guilty to money laundering (Jul)
• Canadian Teachers Federation proposes adding Cyber-Bullying to
Canadian Criminal Code (Jul)

M. Qavi Kaleem Khan [ 13 ]

 CYBER CRIMES

• Canadian porn site SlickCash pays $500K to Facebook after it tried to

gain unauthorized access to Facebook’s friend-finder functionality back
in June 2007 (Jul)
• Terry Childs, San Francisco City network admin, refuses to give out
passwords, locking other admins out of network (Jul)

Types of Cyber Crime

• Cyber crime
• Malware and malicious code
• Denial-of-service attack
• Computing virus
• Cyber terrorism
• Information warfare
• Cyber stalking
• Fraud and identity theft
• Phishing
• Virtual crime

Some Cyber Crimes and their Solutions

We are currently living in Cyber age, where Internet and computers have
major impacts on our way of living, social life and the way we conduct
businesses.

The usage of information technology has posed great security challenges and
ethical questions in front of us. Just as every thing has positives and
negatives, usage of information technology is beneficial as well as insecure.

With the growth of the internet, network security has become a major
concern. Cyber crimes have emerged rapidly in the last few years and have
major consequences. Cyber criminals are doing every thing from stealing
money, hacking into others computer, stealing intellectual property, spreading
viruses and worms to damage computers connected on the internet and
committing frauds. Stoppage of cyber crimes is a major concern today.
Cyber criminal make use of the vulnerabilities in computer soft wares and
networks to their advantage.

M. Qavi Kaleem Khan [ 14 ]

 CYBER CRIMES

Hacking:

Hacking or Cracking is a major cyber crime committed today. Hacker makes

use of the weaknesses and loop holes in operating systems to destroy data
and steal important information from victim’s computer. Cracking is normally
done through the use of a backdoor program installed on your machine. A lot
of crackers also try to gain access to resources through the use of password
cracking softwares. Hackers can also monitor what u do on your computer
and can also import files on your computer. A hacker could install several
programs on to your system without your knowledge. Such programs could
also be used to steal personal information such as passwords and credit card
information. Important data of a company can also be hacked to get the
secret information of the future plans of the company.

Cyber-Theft:

Cyber-Theft is the use of computers and communication systems to steal

information in electronic format. Hackers crack into the systems of banks and
transfer money into their own bank accounts. This is a major concern, as
larger amounts of money can be stolen and illegally transferred.

Many newsletters on the internet provide the investors with free advice
recommending stocks where they should invest. Sometimes these
recommendations are totally bogus and cause loss to the investors. Credit
card fraud is also very common.

Most of the companies and banks don’t reveal that they have been the
victims of cyber -theft because of the fear of loosing customers and share
holders. Cyber-theft is the most common and the most reported of all cyber-
crimes. Cyber-theft is a popular cyber-crime because it can quickly bring
experienced cyber-criminal large cash resulting from very little effort.
Furthermore, there is little chance a professional cyber-criminal will be
apprehended by law enforcement.

Viruses and worms:

M. Qavi Kaleem Khan [ 15 ]

 CYBER CRIMES

Viruses and worms is a very major threat to normal users and companies.
Viruses are computer programs that are designed to damage computers. It is
named virus because it spreads from one computer to another like a
biological virus. A virus must be attached to some other program or
documents through which it enters the computer. A worm usually exploits
loop holes in soft wares or the operating system. Trojan horse is dicey. It
appears to do one thing but does something else. The system may accept it
as one thing. Upon execution, it may release a virus, worm or logic bomb. A
logic bomb is an attack triggered by an event, like computer clock reaching a
certain date. Chernobyl and Melissa viruses are the recent examples.

Experts estimate that the Mydoom worm infected approximately a quarter-

million computers in a single day in January 2004. Back in March 1999, the
Melissa virus was so powerful that it forced Microsoft and a number of other
very large companies to completely turn off their e-mail systems until the
virus could be contained.

Solutions
An important question arises that how can these crimes be prevented. A
number of techniques and solutions have been presented but the problems
still exists and are increasing day by day.

Antivirus And Anti spyware Software:

Аntivirus software consists of computer programs that attempt to identify,

thwart and eliminate computer viruses and other malicious software. Anti spy
wares are used to restrict backdoor program, trojans and other spy wares to
be installed on the computer.

Firewalls:

A firewall protects a computer network from unauthorized access. Network

firewalls may be hardware devices, software programs, or a combination of
the two. A network firewall typically guards an internal computer network
against malicious access from outside the network.

M. Qavi Kaleem Khan [ 16 ]

 CYBER CRIMES

Cryptography:

Cryptography is the science of encrypting and decrypting information.

Encryption is like sending a postal mail to another party with a lock code on
the envelope which is known only to the sender and the recipient. A number
of cryptographic methods have been developed and some of them are still
not cracked.

Cyber Ethics and Laws:

Cyber ethics and cyber laws are also being formulated to stop cyber crimes.
It is a responsibility of every individual to follow cyber ethics and cyber laws
so that the increasing cyber crimes shall reduce. Security softwares like anti
viruses and anti spy wares should be installed on all computers, in order to
remain secure from cyber crimes. Internet Service Providers should also
provide high level of security at their servers in order to keep their clients
secure from all types of viruses and mallicious programs.

M. Qavi Kaleem Khan [ 17 ]

 CYBER CRIMES

Cyber Crimes in Pakistan

Although the Internet provides many facilities, it also carries many risks.
Most common is the risk of Internet fraud. This crime affects the entire world
and victims include individuals, companies and even countries.

In Pakistan, leading international and local banks have suffered huge losses
from credit card fraud, despite the expensive and extensive security
measures they have in place. Victims include Citibank, American Bank, Union
Bank, Askari Bank, the Muslim Commercial Bank.

Cyber criminals often attack official government websites, hack into security
systems, send obnoxious e-mails, damage information systems and send
viruses. These days, even terrorists use the Internet to collect information on
targets and build worldwide contacts and sympathisers.

It is widely accepted that there is a need to establish a policy to curb cyber

crime. The government of Pakistan has established a Cyber Crime Wing, a
joint venture of the Ministry of Interior, Ministry of Information Technology
and Telecommunications to combat the hazard of cyber crime. The hackers
manage to hack information systems, official websites and get access to
unauthorised official data which is a hidden threat to the government. “Cyber
Crime wing will coordinate efforts to stop increasing cyber crimes in Pakistan,
the threats and the measures to counter them. It will focus on criminals
communications, make fair online business, protect official websites from
hackers and make solid security policy for networks and Online Official
Documents,” an official of Cyber Crime Wing told Daily Times.

The new wing will also regulate Internet cafés in the country as the terrorist
use these café’s for communication. However, very few people and officials
know about the existence of this wing. Even the Islamabad police official
deputed at the police exchange inquiry (9203333) expressed ignorance about
the existence of this wing. “I do not know if there is a cyber crime wing
working in Pakistan,” said Muhammad Farooq, sub-inspector, when contacted

M. Qavi Kaleem Khan [ 18 ]

 CYBER CRIMES

to get the cyber crime wing’s number. Given this limited police awareness,
members of the public should know about common Internet scams in order to
protect themselves, their money and their personal information.

The IT Ministry has also finalised a draft bill for the ‘Electronic Crime Act
2004’ which is an important legislation to give legal cover to the anti-cyber
crime efforts.

One of the most common frauds involves distance selling. If you are going to
buy something from the Internet, you should make sure that the seller
provides the price of the item, arrangements for delivery, contact information
so questions can be asked and the terms of cancellation. Anyone who fails to
provide this basic information is probably trying to run a scam.

Another common fraud is the Nigerian Advance Fee Scam, also known
internationally as the 4-1-9 fraud. The sender claims to be a government
official who needs to move a large sum of money. For some reason, they
need you to pay a fee and claim the money on their behalf. They say they will
pay you a percentage of the total sum for your help.

They request personal and banking details from you and a ‘goodwill’ or
‘advance fee’ payment. Your information is used for illegal activities and the
money you submit is never seen again.

Online auction frauds are also becoming common. These include the advance
lottery fee scams, business opportunities, work from home scams and
international modem dialling schemes. Another common scam invites people
to claim prizes by calling a hotline number. Usually, the hotlines charge a high
fee per minute and the calls last many minutes.

Some competitions invite you to claim your allocated prize by telephoning a

hotline number and this could be charged at a premium rate and last many
minutes. Also be cautious when offered free holidays or cheap property. You
may be being invited to attend a presentation and conned into signing an

M. Qavi Kaleem Khan [ 19 ]

 CYBER CRIMES

agreement that forces you to pay exorbitantly high prices for ‘deals’. Many of
these scams do not allow you to cancel once you have signed on.

Despite general knowledge that these schemes exist, people continue to

become victims. According to one website on Internet fraud, there were at
least 124,509 people complained about being scammed in 2003. Many more
people are often too embarrassed to report that they were scammed.

Of the reports on the website, Internet auction frauds accounted for 61

percent of the complaints, undelivered merchandise despite fee payment
accounted for about 21 percent of complaints, and credit card fraud
accounted for 7 percent of complaints. Check fraud, identity theft, business
fraud and investment fraud were other top complaint categories.

Cyber Crimes and Federal Board of

Investigation Pakistan
The Anti-Corruption and Economic Crime Wings of FIA transferred to National
Accountability Bureau (NAB) on 16.08.2004 have been restored vide
notification dated 24.10.2008.

The Crimes wing is an important part of FIA, which deals with organized
crimes other than terrorism and human trafficking. This wing is headed by a
senior police officer as Additional Director General at the HQ who is
responsible for assisting the Director General and coordinating operations of
the zonal directors. Under the Zonal Directors are Crime Circles who have
the following core functions:

Functions of FIA Crime Circles

1. Intellectual Property Rights (IPR) crimes:
• Business software piracy
• Motion picture piracy [video, TV, satellite, cable]
• Records and music piracy

M. Qavi Kaleem Khan [ 20 ]

 CYBER CRIMES

• Books piracy
• Internet piracy
• Digital piracy [LAN file sharing, mobile, digital stream ripping]
• Fake consumer products, etc
2. Anti-Corruption
3. Economic Crime
4. Spurious Drugs
5. Cyber Crimes
6. Counterfeit Currencies
7. Foreign Exchange Crimes
8. PPC and other Special Laws

SPE CIAL CRIMES

46

Fake medicines; illegal telephone exchange; fake credit cards; pirated

CDs/DVDs; & counterfeit currencies.

M. Qavi Kaleem Khan [ 21 ]

 CYBER CRIMES

Voice Termination Devices

Intellectual Property Rights Crimes

“Intellectual property” is creative work and encompasses branches such as
copyright, patents, designs and trademarks. IPR violation is a barrier to
foreign-direct-investment in Pakistan. Copyright piracy has caused $95.7+
million estimated trade loss to Pakistan in 2005. Combating IPR crimes for
the purpose of developing the local industries is one of the top priorities set
out by the Government of Pakistan.

Copyright Ordinance came onto the schedule of FIA in April 2005. FIA
registered 34 cases [subjudice in the courts]; sealed six illegal manufacturing
units of CDs/DVDs in Karachi; and seized over a million pirated optical discs
in the year 2005 & 2006. FIA’s one-year performance has been lauded at
national and global levels.

“…Pakistan’s Federal Investigation Agency (FIA) this week made nine arrests
for copyright violations, seized over 1,000,000 pirated CDs and video and
audio cassettes, and, most importantly, shut down six factories illegally
producing optical media. Steps like these no doubt help Pakistan attract
greater investment in innovative industries.” [Deputy USTR, Josette Sheeran
Shiner]

“The United States is pleased with the recent progress Pakistan has
demonstrated in fighting optical disc piracy.” [USTR, Rob Portman]

“The efforts of the Pakistani government under the remarkable leadership of

Prime Minister Aziz and the actions of the Federal Investigation Agency to
address the rampant copyright piracy that had been ravaging their country

M. Qavi Kaleem Khan [ 22 ]

 CYBER CRIMES

have been outstanding.” [Neil Turkewitz, Executive Vice President of the

Recording Industry Association of America]

Spurious Drugs

The illicit trade of production/ supply, distribution, and sale of drugs are
posing a serious threat to the lives of the innocent citizens and has serious
ramifications such as:

• Loss of Government revenue/ tax evasion

• Undermines Government health agendas and regulatory regimes
• Undermines legitimate trade and commerce
• Defrauds the consumers and health industry
• Erodes corporate investment and productivity
• Encourages organized crime

FIA’s crime wing has taken up the challenge to eradicate the illicit trade in
drugs and has recovered spurious drugs valuing over Rs.416 million and
seized eight illegal manufacturing units. Special drug units have been
established in the provincial headquarters. The FIA has registered 67 cases
in the years 2005 & 2006.

Cyber Crimes

FIA is empowered under the Electronic Transactions Ordinance- 2002 to

effectively deal with the growing menace of computer/internet related crimes
in the country. “National Response Centre for Cyber Crime [NR3C]” has been
established in the FIA HQ. The crimes circles across the country have started
taking action under this law and a total of 57 cases have been registered
under the ETO 2002 in the years 2005 & 2006.

Counterfeit Currencies

The increasing instances of counterfeiting of currency in various parts of the

country hold serious repercussions for the national economy. FIA crime wing
is responsible to deal with the currency counterfeiting. A task force is
working led by the Governor, State Bank of Pakistan and the FIA is a member
thereof. The FIA is maintaining a database of all the culprits of counterfeit
currency cases across the country. The FIA coordinates with the provincial/
local law enforcement agencies in cases registered in their jurisdictions.

M. Qavi Kaleem Khan [ 23 ]

 CYBER CRIMES

Crimes Case Summary [2005 to October 2008]

Offences 2005 2006 2007 2008 Total
IPR Crimes 20 14 09 18 61
Spurious Drugs 30 37 35 28 130
Cyber Crimes 24 33 29 56 142
Counterfeit
2 7 12 02 23
Currencies
Others 148 105 103 159 515
Total: 224 196 188 243 871

Pakistan has Created Cyber Crime Wing

A Pakistani security agency has launched a special wing to combat cyber
crimes in part because the country had to rely on U.S. investigators to trace
e-mails sent by the kidnappers of American journalist Daniel Pearl a year
ago.

"The purpose of establishing the National Response Center for Cyber Crimes
is to stop misuse of the Internet and trace those involved in cyber-related
crimes," Iftikhar Ahmad, spokesman for Pakistan's Interior Ministry, told the
Associated Press on Wednesday.

"The importance of this special wing was felt when Daniel Pearl was
kidnapped, and his captors started sending e-mails to newspapers," he said.

The Wall Street Journal correspondent disappeared on Jan. 23, 2002, from
Pakistan's southern city of Karachi.

On Jan. 27, 2002, the Journal and other media received an e-mail from a
group calling itself the National Movement for the Restoration of Pakistani
Sovereignty. The e-mail contained a photo of Pearl, 38, with a gun to his
head.

The FBI traced the e-mails, and police captured those who allegedly sent
them to the newspapers, but, on Feb. 21, 2002, the U.S. Embassy received a
videotape showing Pearl was dead.

M. Qavi Kaleem Khan [ 24 ]

 CYBER CRIMES

"The National Response Center for Cyber Crimes will play a key role in the
days to come in tracing those terrorists who often use the Internet or prepaid
telephone cards to communicate messages to their associates for carrying
out acts of terrorism and other purposes," Ahmad said.

The special wing has been established at the headquarters of an intelligence

agency in Islamabad, Pakistan's capital.

Pakistan’s Cyber Crime Bill 2007

The Federal Cabinet approved the adoption of The Prevention of Electronic

Crimes Bill 2007 on 17 January 2007. The proposed law titled as Prevention
of Electronic Crimes Bill 2007 offers penalties ranging from six months
imprisonment to capital punishment for 17 types of cyber crimes, including
cyber terrorism, hacking of websites and criminal access to secure data.

The bill deals with the electronic crimes included, cyber terrorism, criminal
access, criminal data access, data damage electronic fraud, electronic
forgery, misuse of electronic system or electronic device, unauthorised access
to code, misuse of encryption, misuse of code, cyber stalking and suggest
stringent punishment for offences involving sensitive electronic crimes.

It proposes seven years punishment on charges of electronic fraud and

electronic forgery and would not have the right of bail whereas those tried for
data damage, system damage and criminal data access, misuse of electronic
system or electronic device would get maximum three-year punishment with
the right of bail.

The bill suggests maximum punishment of death or life imprisonment for

those booked under cyber crimes or involved in sensitive electronic systems
offences.

Following the passage of the mentioned bill, the Minister for Information
Technology Awais Ahmad Khan Leghari stated that the e-crime law would
require the internet companies maintain their traffic data for at least six
months to enable the agencies to investigate cases involving data stored by
them. He said the law would enable the government to seek extradition of
foreign nationals through Interpol for their involvement in criminal activities
punishable under the law.

M. Qavi Kaleem Khan [ 25 ]

 CYBER CRIMES

How to yourself from Cyber Crimes?

Today, the Internet has become an integral part of our lives. It's a daily
routine for us to log onto the internet for banking, shopping, social &
business networking, job application, researching, music downloads and on
other various important information retrieval, we all depend on internet.

With its worldwide popularity, the risk of Internet crime has also risen
considerably. Precaution has always been better then cure so it's in our hands
to safeguard our personal information when we make any online transaction.
With every bit of information you transmit through the Internet or store
online, the risk of falling victim to the Internet crime also rises. Identity theft
is at its all time high! Some of the various gullible trends that have been
rising through the Internet include hacking, stalking, fraud, phishing, theft,
spreading Malware and harassment! This not only causes a financial distress
but more then often leads to the psychological stress.

Some of the ways that can help you to guard your safety in the Internet
world and help you escape from falling prey to Cyber Crime are listed below.
Do remember, your safety is at your own hands!

Awareness: Before you start the campaign to safeguards yourself from cyber
crime, keep in mind that you know about the risks you are going to face! The
right knowledge equips you to fight with a right mindset! Awareness is the
most important weapon that will come to your rescue at the most difficult
times!

Be Vigilant: These days most of the people who surf online are the members
of social networking sites. Being social is nice but trusting everyone regarding
your personal information can drown you into deep waters! Most of the cyber
criminals maintain a good relationship at the start and at later stages they
exploit that information for their own good. Do not let them exploit your
trust! Be conscientious of the information you share with others online.

Don't pass your Password: If any link in your email asks for your personal
information or your password, quickly mark it as Spam and report it! Most of

M. Qavi Kaleem Khan [ 26 ]

 CYBER CRIMES

these emails are used to phish for your personal information. They will allure
you with schemes such as " Congrats! You've been chosen winner for a trip to
Switzerland", all excited you may give your information but in the end you'll
realize the big loss you made for yourself! Keep in mind, if you are dealing
with a valid organization, it will never ask you for your password. Another
way to keep your personal information secure is by changing passwords at
some regular intervals. Though make it easy for yourself to remember!

We all enjoy using the Internet. It has been a valuable source of information
since almost a decade now! Do not let anyone make it a bad experience for
you by making you prey to their bad motives. So, to prevent yourself from
becoming a victim to cyber crime keep in mind these basic tips, be vigilant
and conscious of the information you share through the intranet connection.

M. Qavi Kaleem Khan [ 27 ]

 CYBER CRIMES

References
• http://www.google.com

• http://www.fia.gov.pk

• http://archive.pakcon.org/post-pc-2004/pc-khi-04-jawad-electronic-

commerceand-cyber-crime.pdf

• http://www.crime-research.org/analytics/cyber_crimes0108

• http://ezinearticles.com/?Cyber-Crimes-And-Solutions&id=204167

• www.wikipedia.com

• www.scribd.com

M. Qavi Kaleem Khan [ 28 ]