Vous êtes sur la page 1sur 8

Cyber

Crime

Report Prepared By: Report Submitted to :
Utsav Kawatra Ms.









EXECUTIVE SUMMARY

Connectivity and cybercrime

In 2011, at least 2.3 billion people, the equivalent of more than one third of the worlds
total population, had access to the internet. Over 60 per cent of all internet users are
in developing countries, with 45 per cent of all internet users below the age of 25 years.
By the year 2017, it is estimated that mobile broadband subscriptions will approach 70
per cent of the worlds total population. By the year 2020, the number of networked
devices (the internet of things) will outnumber people by six to one, transforming
current conceptions of the internet. In the hyper-connected world of tomorrow, it will
become hard to imagine a computer crime, and perhaps any crime, that does not
involve electronic evidence linked with internet protocol (IP) connectivity.

Definitions of cybercrime mostly depend upon the purpose of using the term. A
limited number of acts against the confidentiality, integrity and availability of
computer data or systems represent the core of cybercrime. Beyond this, however,
computer-related acts for personal or financial gain or harm, including forms of
identity-related crime, and computer content-related acts (all of which fall within a
wider meaning of the term cybercrime) do not lend themselves easily to efforts to
arrive at legal definitions of the aggregate term. Certain definitions are required for the
core of cybercrime acts. However, a definition of cybercrime is not as relevant for
other purposes, such as defining the scope of specialized investigative and
international cooperation powers, which are better focused on electronic evidence for
any crime, rather than a broad, artificial cybercrime construct.

The global picture

In many countries, the explosion in global connectivity has come at a time of
economic and demographic transformations, with rising income disparities, tightened
private sector spending, and reduced financial liquidity. At the global level, law
enforcement respondents to the study perceive increasing levels of cybercrime, as both
individuals and organized criminal groups exploit new criminal opportunities, driven
by profit and personal gain. Upwards of 80 per cent of cybercrime acts are estimated to
originate in some form of organized activity, with cybercrime black markets
established on a cycle of malware creation, computer infection, botnet management,
harvesting of personal and financial data, data sale, and cashing out of financial
information. Cybercrime perpetrators no longer require complex skills or techniques.
In the developing country context in particular, subcultures of young men engaged in
computer-related financial fraud have emerged, many of whom begin involvement in
cybercrime in late teenage years.

Globally, cybercrime acts show a broad distribution across financial-driven acts, and
computer-content related acts, as well as acts against the confidentiality, integrity and
accessibility of computer systems. Perceptions of relative risk and threat vary,
however, between Governments and private sector enterprises. Currently, police-
recorded crime statistics do not represent a sound basis for cross-national
comparisons, although such statistics are often important for policy making at the
national level. Two-thirds of countries view their systems of police statistics as
insufficient for recording cybercrime. Police-recorded cybercrime rates are associated
with levels of country development and specialized police capacity, rather than
underlying crime rates.

Victimization surveys represent a more sound basis for comparison. These
demonstrate that individual cybercrime victimization is significantly higher than for
conventional crime forms. Victimization rates for online credit card fraud, identity
theft, responding to a phishing attempt, and experiencing unauthorized access to an
email account, vary between 1 and 17 per cent of the online population for 21 countries
across the world, compared with typical burglary, robbery and car theft rates of under
5 per cent for these same countries. Cybercrime victimization rates are higher in
countries with lower levels of development, highlighting a need to strengthen
prevention efforts in these countries.

Private sector enterprises in Europe report similar victimization rates between 2 and
16 per cent for acts such as data breach due to intrusion or phishing. Criminal tools
of choice for these crimes, such as botnets, have global reach. More than one million
unique IP addresses globally functioned as botnet command and control servers in
2011. Internet content also represented a significant concern for Governments. Material
targeted for removal includes child pornography and hate speech, but also content
related to defamation and government criticism, raising human rights law concerns in
some cases. Almost 24 per cent of total global internet traffic is estimated to infringe
copyright, with downloads of shared peer-to-peer (P2P) material particularly high in
countries in Africa, South America, and Western and South Asia.

Cyber Attack Statistics

As far as Motivations Behind Attacks are concerned, once again Cyber Crime ranks at
number one with nearly the 70% of occurrences. Hacktivism is well behind with only
the 23% followed by Cyber Warfare and Cyber Espionage that triggered singularly the
10% of attacks. If compared with April, the trend shows a growth of Cyber Crime and a
corresponding reduction of hacktivism. As far as Cyber Espionage is concerned,
particularly interesting om this month have been the Attack to U.K. Ministry Of
Defence and to some undisclosed U.S. Natural Gas Companies.



The Distribution of Targets chart confirms that Governments continue to be the
preferred targets for Cyber Criminals and Hacktivists with nearly one third (30%) of
occurrences. With respect to April, targets belonging to educational sector have gained
one position ranking at number two with the 15% of occurrences and before the LEAs
which shifted at the third place with the 7% of occurrences. If we sum up military
targets to LEAs we have the 12%. In any case the trend is in line with the previous
month.



SQL Injection is the number one among Attack Techniques, with the 36% of
occurrences taking over, at least in the first two weeks of may, Distributed Denial Of
Service, that ranks at number two with the 18%. Summing up the conclamated SQLi
Attacks with the uncertain SQLi Attacks, leads to the surprising result that nearly
one attack on two (46%) has been performed exploiting this kind of vulnerability. So
definitively run and patch your applications!



Norton Cyber Crime Report 2011 : Exposing the True Scale

According to the Norton Cybercrime report 2011, there are 1 million+ victims a day,
including 50,000 victims every hour, 820 per minute and 14 per second. The total bill
for cybercrime footed by online adults in 24 countries topped $388 billion over the past
year. Gaurav Kanwal, country sales manager, India & SAARC, Consumer Products and
Solutions, Symantec presented the report that covers 24 countries and 20,000 people.
The most at risk are said to be the millennial males.

The total cost of global cybercrime was worth $114 billion annually. Based on the value
victims surveyed placed on time lost due to their cybercrime experiences, an
additional $274 billion was lost. Some of the prominent countries bearing the cash cost
of cybercrime include USA -- $32 billion, Brazil -- $15 billion, China -- $25 billion, India
-- $4 billion, and Australia, Japan and Mexico -- $2 billion each.



In India, the most common and most preventable type of cybercrime remains
computer viruses or malware. It was 60 percent overall and 75 percent had occured in
the last 12 months. The three most preventable crimes are said to be viruses/malware
at 60 percent, scams at 20 percent and mobile threats at 17 percent. In India, over 29.9
million people fell victim to cybercrime last year, suffering $4 billion in direct financial
losses and an additional $3.6 billion in time spent resolving the crime.

The Norton Cybercrime report also reveals that 10 percent of adults online globally (17
percent in India) have experienced cybercrime on their mobile phone. Besides the
threats on mobile devices, increased social networking and lack of protection are said
to be some of the main culprits behind the growing number of cybercrime victims.

The top six countries found to be in emerging danger due to cybercrimes include
China at 85 percent, South Africa at 84 percent, Mexico at 83 percent, and Brazil, India
and Singapore at 80 percent each, respectively.

It was also reported that 43 percent of Indian adults do not have an uptodate security
software suite to protect their personal information online. Despite the huge costs of
cybercrime, many people are not investing in adequate security software that protects
against computer viruses and other preventable cybercrimes.

Globally, over a third of adults (35 percent) do not feel safe online from cybercrime
attacks. This rises to 50 percent of French adults, 53 percent of Brazilian adults, 64
percent of Indian adults and 88 percent of Japanese adults. Also, a whopping 94
percent of Indians believe that more needs to be done to bring cybercriminals to
justice.

Now, 43 percent of Indians say they need to access the Internet daily. And, 47 percent
of the Indian social network users think they would lose contact with friends if they
had to live without their social networks.

Two things worry me

1. Mobile applications and crimes will be committed from or against mobile
phones. As use of smartphones grow we are going to basically have
computerised wallets and I would see that as being both a target and means of
attack, says a global user.

2. Cybercrime makes victims feel just as angry and upset as physical crime. Yet,
people are not taking adequate protection. China, Singapore and South Africa
are among today's cybercrime capitals. These also happen to be countries with
the highest number of free AV software users, and people accessing the
Internet and becoming a cybercrime victim via another mobile device.

With the growth in Internet access over mobile devices, coupled with a lack of
protection for personal data is likely to lead to a corresponding global rise in
cybercrime via mobile devices in the years to come.


Recommendations on Cyber Security
In a related development, Deora informed the Rajya Sabha that the National Security
Advisor has released a joint working report on engaging the private sector to improve
the countrys Cyber Security Architecture.
The minister noted that the Joint Working Group had representatives from
government departments and agencies like Indian Computer Emergency Response
Team (CERT-In), Department of Telecommunications (DoT), Ministry of Home
Affairs, Ministry of External Affairs and Office of Principal Scientific Adviser (PSA) as
well as representatives from Information and Communication Technology Industry
Association which includes National Association of Software and Services Companies
(NASSCOM), Data Security Council of India (DSCI), Confederation of Indian Industry
(CII), Federation of Indian Chambers of Commerce and Industry (FICCI), Association
of Unified Telecom Service Providers of India (AUSPI) and Cellular Operators
Association of India (COAI).
Among the recommendations provided by the joint working group in the report are:
- Setting up of a permanent Joint Working Group under National Security Council
Secretariat (NSCS) with representatives from both the government and the private
sector.
- Setting up of the Joint Committee of International Cooperation of Advocacy (JCICA).
- The private sector will set up Information Sharing & Analysis Sector (ISACs) in
various sectors and co-operate with the sectoral Computer Emergency Response
Teams (CERTs) at the operational level.
The Joint working group mentioned that it has identified four pilot projects for
collaboration which include setting up of Pilot Testing Lab, conducting a test audit of
a specified sector, studying vulnerabilities in a sample critical information
infrastructure and establishment of the multi disciplinary Centre of Excellence. It
also stated that the action has been initiated to work out the action plan for the
implementation of the above mentioned recommendations.