PROJECT REPORT

CYBER SECURITY

CONTENT

1. CYBER SECURITY
1.1.1 WHAT IS CYBER SECURITY
1.1.2 WHY IS CYBER SECURITY IMPORTANT
1.2 HOMELAND SECURITY
1.2.1 INTRODUCTION
1.2.2 EVOLUTION OF HOMELAND SECURITY CONCEPT
1.2.3 WHAT DHS DOES IN HOMELAND SECURITY
1.2.4 DIVISION IN HOMELAND SECURITY INVESTIGATION
1.2.5 GOALS OF HOMELAND SECURITY
1.2.6 CONCLUSION
2. CYBER CRIME
2.0.1 INTRODUCTION
2.0.2 WHAT IS CYBER CRIME
2.0.3 CAUSES OF CYBER CRIME
2.0.4 TYPES OF CYBER CRIME
2.0.5 HOW TO ERADICATE CYBER CRIME
2.1.0 ESTONIA CASE
2.1.1 INTRODUCTION
2.1.2 ETHNIC TENSIONS IN ESTONIA
2.1.3 MULTINATIONAL RESPONSES TO CYBER TERROR
2.1.4 CONCLUSION
2.2.0 ATHENS AFFAIR: THE WIRETAP CASE
2.2.1 INTRODUCTION
2.2.2 DISCOVERY OF ILLEGAL TAPS
2.2.3 FALLOUT
2.2.4 CONCLUSION

1.1.1 WHAT IS CYBER SECURITY?
Cyber security, also referred to as information technology
security, focuses on protecting computers, networks, programs
and data from unintended or unauthorized access, change or
destruction.

1.1.2 WHY IS CYBER SECURITY IMPORTANT?


Governments, military, corporations, financial institutions,
hospitals and other businesses collect, process and store a
great deal of confidential information on computers and
transmit that data across networks to other computers. With
the growing volume and sophistication of cyber attacks,
ongoing attention is required to protect sensitive business and
personal information, as well as safeguard national security.
During a Senate hearing in March 2013, the nation's top
intelligence officials warned that cyber attacks and digital
spying are the top threat to national security, eclipsing
terrorism.

CYBER CRIME

2.0.1 INTRODUCTION
Over the past twenty years, unscrupulous computer
users have continued to use the computer to commit crimes;
this has greatly fascinated people and evoked a mixed feeling
of admiration and fear. This phenomenon has recently seen a
sophisticated and unprecedented increase and has called for a
quick response in providing laws that would protect
cyberspace and its users. The level of sophistication has
risen to the point of using the system to commit murder
and other havoc.
This work seeks to define the concept of cyber-crime,
identify the reasons for cyber-crime and how it can be
eradicated, and look at those involved and the reasons for
their involvement. We also look at how best to detect a
criminal mail and, in conclusion, proffer recommendations
that would help in checking the increasing rate of
cyber-crimes and criminals.

2.0.2 WHAT IS CYBER CRIME?

Cyber-crime by definition is any harmful act committed
from or against a computer or network. According to
McConnell International, cyber crimes differ from most
terrestrial crimes in four ways: firstly, they are easy to
learn; secondly, they require few resources relative to the
potential damage caused; thirdly, they can be committed in a
jurisdiction without being physically present in it; and
fourthly, they are often not clearly illegal.
Another definition, given by the Director of the Computer
Crime Research Centre (CCRC) during an interview on
27th April 2004, is that "cyber-crime" (computer crime) is any
illegal behaviour directed by means of electronic operations
that targets the security of computer systems and the data
processed by them. In essence, cyber-crime is crime committed
in a virtual space, and a virtual space is fashioned in such a
way that information about persons, objects, facts, events,
phenomena or processes is represented in mathematical,
symbolic or any other form and transferred through local and
global networks.
From the above, we can deduce that cyber-crime has to
do with the wreaking of havoc on computer data or networks
through interception, interference or destruction of such data
or systems. It involves committing crime against computer
systems or the use of the computer in committing crimes.

2.0.3 CAUSES OF CYBER CRIME


There are many reasons why cyber-criminals
commit cyber-crime; chief among them are the three listed
below.
Cyber-crimes can be committed for the sake of
recognition. These are basically committed by youngsters who
want to be noticed and to feel that they belong among the big
and tough guys in society. They do not mean to hurt anyone
in particular; they fall into the category of the Idealists, who
just want to be in the spotlight.
Another cause of cyber-crime is the desire to make quick
money. This group is greed-motivated and consists of career
criminals who tamper with data on the net or on systems,
especially e-commerce and e-banking data, with the sole aim
of committing fraud and swindling money off unsuspecting
customers.
Thirdly, cyber-crime can be committed to fight for a cause
one believes in, causing threats and, most often, damage
that affects the recipients adversely. This is the
most dangerous of all the causes of cyber-crime. Those
involved believe that they are fighting a just cause and so do
not mind who or what they destroy in their quest to achieve
their goals. These are the cyber-terrorists.

2.0.4 TYPES OF CYBER CRIME


Theft of telecommunication services
Communication in furtherance of criminal conspiracies
Telecommunication piracy
Dissemination of offensive material
Electronic money laundering and tax evasion
Electronic vandalism, terrorism and extortion
Sales and investment fraud
Illegal interception of telecommunications
Electronic funds transfer fraud

2.0.5 HOW TO ERADICATE CYBER CRIME
Research has shown that no law can be put in
place to effectively eradicate the scourge of cyber-crime.
Attempts have been made locally and internationally, but these
laws still have shortcomings. What constitutes a crime in one
country may not in another, and this has always made it easy
for cyber-criminals to go free after being caught.
It has been proven that the Idealists help big companies and
governments see security holes which career criminals or even
cyber-terrorists could use to attack them in future. Most often,
companies engage them as consultants to help build solid
security for their systems and data. Through their highly
mediatised and individually harmless actions, the Idealists
often help society and help important organizations to discover
their high-tech security holes. Enforcing the law on them
can only trigger trouble, because they would not stop but would
want to defy the law. Moreover, if the goal of cyber-crime
legislation is to eradicate cyber-crime, it might well eradicate
a whole new culture instead. Investment in education is a much
better way to prevent their actions.
Another means of eradicating cyber-crime is to
harmonize international cooperation and law; this goes for the
greed-motivated and the cyber-terrorists. They cannot be fought
by education, because they are already established criminals
and so cannot be expected to behave. The only appropriate way
to fight them is by enacting new laws, harmonizing international
legislation and encouraging coordination and cooperation
between national law enforcement agencies.

HOMELAND SECURITY

1.2.1 INTRODUCTION
Homeland security is an American umbrella term whose
definitions range from "the national effort to ensure a
homeland that is safe, secure, and resilient against terrorism
and other hazards where American interests, aspirations, and
ways of life can thrive" to the "national effort to prevent
terrorist attacks within the United States, reduce the
vulnerability of the U.S. to terrorism, and minimize the damage
from attacks that do occur".
Ten years after the 9/11 terrorist attacks, policymakers
continue to grapple with the definition of homeland security.
Prior to 9/11, the United States addressed crises through the
separate prisms of national defence, law enforcement, and
emergency management. 9/11 prompted a strategic process
that included a debate over and the development of homeland
security policy. Today, this debate and development have
resulted in numerous federal entities with homeland security
responsibilities. For example, there are 30 federal entities that
receive annual homeland security funding, excluding the
Department of Homeland Security (DHS). The Office of
Management and Budget (OMB) estimates that 48% of annual
homeland security funding is appropriated to these federal
entities, with the Department of Defence (DOD) receiving
approximately 26% of total federal homeland security funding.
DHS receives approximately 52%.

1.2.2 Evolution of Homeland Security Concept
The concept of homeland security has evolved over the last
decade. Homeland security as a concept was precipitated by
the terrorist attacks of 9/11. However, prior to 9/11 such
entities as the Gilmore Commission and the United States
Commission on National Security discussed the need to evolve
the way national security policy was conceptualized due to the
end of the Cold War and the rise of radicalized terrorism. After
9/11, policymakers concluded that a new approach was needed
to address the large-scale terrorist attacks. A presidential
council and department were established, and a series of
presidential directives were issued in the name of "homeland
security". These developments established that homeland
security was a distinct, but undefined concept. Later, the
federal, state, and local government responses to disasters
such as Hurricane Katrina expanded the concept of homeland
security to include significant disasters, major public health
emergencies, and other events that threaten the United States,
its economy, the rule of law, and government operations. This
later expansion of the concept of homeland security solidified it
as something distinct from other federal government security
operations such as homeland defence.

1.2.3 WHAT DHS DOES IN HOMELAND SECURITY
The DHS Science and Technology Directorate (S&T)
strengthens America's security and resiliency by providing
knowledge products and innovative technology solutions for
the Homeland Security Enterprise (HSE). The Homeland Security
Advanced Research Projects Agency (HSARPA) focuses on
identifying, developing, and transitioning technologies and
capabilities to counter chemical, biological, explosive, and
cyber terrorism threats, as well as to protect our nation's
borders and infrastructure. HSARPA divisions work directly
with DHS components to better understand and address their
high-priority requirements and define operational context by
conducting analyses of current missions, systems, and
processes. This process ultimately identifies operational gaps
where S&T can have the greatest impact on operating
efficiency and increasing capability. In addition, Apex
Technology Engines (Engines) power open innovation by
harnessing subject matter experts and capabilities across DHS.
Efforts include basic technical evaluations, knowledge
products, developmental improvements, full life-cycle research,
and piloting of new and existing technologies.

1.2.4 DIVISION IN HOMELAND SECURITY INVESTIGATION
To accomplish its mission, HSI is organized into the
following divisions:
Borders and Maritime Security Division: Prevents contraband,
criminals, and terrorists from entering the United States,
while permitting the lawful flow of commerce and visitors.
Chemical and Biological Defence Division: Detects, protects
against, responds to, and recovers from biological or chemical
threats and events.
Cyber Security Division: Creates a safe, secure, and resilient
cyber environment.
Explosives Division: Detects, prevents, and mitigates
explosives attacks against people and infrastructure.
Resilient Systems Division: Enhances resilience to prevent and
protect against threats, mitigates hazards, responds to
disasters, and expedites recovery.

1.2.5 GOALS OF HOMELAND SECURITY
Prevent and disrupt terrorist attacks.
Protect the American people, our critical infrastructure, and
key resources.
Respond to and recover from incidents that do occur.
Continue to strengthen the foundation to ensure our long-term
success.

1.2.6 CONCLUSION

ESTONIA CASE

2.1.1 Introduction
During the information age, the Internet has
facilitated dramatic increases in worldwide interconnectivity
and communication. This form of globalization has yielded
benefits, such as improved standards of living in the
developing world, but it has also given rise to new weapons of
resistance for groups seeking to oppose certain political
measures and ideologies. One demonstration of the latter point
came about through the cyber attacks on Estonia in April and
May 2007 by digital activists from the Russian diasporas. This
article examines these fundamentally political attacks in
cyberspace within the overall context of globalization. It
argues that the situation that unfolded in Estonia in the spring
of 2007 illustrates the increasing ability of transnational
networks to use digital tools to challenge the policies and
sovereignty of nation-states worldwide. However, the
multinational responses to the Estonian cyber terrorist attacks
demonstrate the growing interest of states in defending
national sovereignty in the realm of cyberspace.

2.1.2 Ethnic Tensions in Estonia
Estonia and Russia have a long history of strife in
their bilateral relationship, and the problems between these
ethnic populations date back to hundreds of years before the
existence of modern nation-states. Following the Soviet
annexation of the Baltic States in 1940, and throughout the
Cold War, the Kremlin relocated hundreds of thousands of
ethnic Russians to Estonia. The purpose behind these mass
migrations was two-fold: to increase cohesion in the Eastern
Bloc and to "Russify" Estonian culture. Following the end of
the Cold War and the dissolution of the U.S.S.R., the
government in Tallinn implemented policies designed to
minimize Russian influences on Estonian culture. And although
Estonia joined NATO in 2004 and received the Atlantic
Alliance's, distrust of Moscow's intentions remains strong.
After several years of lobbying, Estonia recently received
NATO contingency plans to protect the country in the event of
a hypothetical Russian invasion. There are also reports that
the government has even created house-to-house defence plans
against Russian aggression. The cyber attacks on Estonia
occurred within the overall climate of tension between ethnic
Estonians and the country's Russian minority population. On
April 30, 2007, the government moved the Bronze Soldier, a
memorial commemorating the Soviet liberation of Estonia from
the Nazis, from Tõnismägi Park in central Tallinn to the Tallinn
Military Cemetery. This decision sparked rioting among the
Russian speaking community, which comprised around 26
percent of Estonia's population in 2007. To ethnic Estonians,
the Bronze Soldier symbolized Soviet oppression. But to
Russian minorities, its relocation represented further
marginalization of their ethnic identity. As Mary Kaldor and
David Szakonyi argue, a perceived attack on the identity of a
subordinate group is likely to provoke a nationalist backlash,
as occurred in Estonia. In addition to rioting and violence from
April 27 to May 18, distributed denial-of-service (DDoS) cyber
attacks targeting the country's infrastructure shut down the
websites of all government ministries, two major banks, and
several political parties. At one point, hackers even disabled
the parliamentary email server. Estonian officials like
Foreign Minister Urmas Paet quickly accused Russia of
perpetrating the attacks, but European Commission and NATO
technical experts were unable to find credible evidence of
Kremlin participation in the DDoS strikes.

2.1.3 Multinational Responses to Cyber Terror
The 2007 cyber terrorism on Estonia was more than
just a temporary nuisance; rather, it was a mild version of a
new form of digital violence that could halt public services,
commerce, and government operations. Estonian Defence
Minister Jaak Aaviksoo observed that successful cyber attacks
"can effectively be compared to when your ports are shut to the
sea." A blockade is a fitting analogy, as future cyber-terrorist
attacks may disrupt a country's water and electricity supplies,
telecommunications (severing its connections to the world),
and national defences. The seriousness of the attacks on
Estonia generated a rapid international response. Estonia had
few formal cyber-defence preparations outside of its
framework for countering traditional acts of terrorism, and the
government Computer Emergency Response Team (CERT)
required Finnish, German, Israeli, and Slovenian assistance to
restore normal network operations. NATO CERTs provided
additional assistance, while the EU's European Network and
Information Security Agency (ENISA) offered expert technical
assessments of the developing situation. Further, a high level
of intelligence sharing took place among western countries
during the crisis. While Russian-speaking hackers employed
the Internet as a weapon and tool of mobilization, Estonia and
its allies used digital networks to successfully counter the
attacks. During and after the DDoS strikes, NATO and EU
member states began to debate new directions for cyber
security and the appropriate punishments for states found to
have engaged in digital warfare. Sanctions were one
punishment option that received fairly widespread support.
Additionally, one German official even recommended that
NATO consider extending its Article 5 security guarantees to
the realm of cyberspace. At its Bucharest Summit in April
2008, NATO adopted a unified Policy on Cyber Defence and
created the Brussels-based Cyber Defence Management
Authority (CDMA) to centralise cyber defence operational
capabilities across the Alliance. And in August 2008, Tallinn
became home to the NATO Cooperative Cyber Defence Centre
of Excellence (CCDCE), the Atlantic Alliance's cyber-security
headquarters. On the EU front, in November 2010, the
organization released its Internal Security Strategy, which
calls for integrated responses to cyber-security threats and
significant expansion of ENISA's duties beyond its previously
limited analytical role.

2.1.4 Conclusion
The severity of the Estonian cyber attacks served as
a wake-up call to the world, as it became clear that potentially
autonomous transnational networks like unhappy pro-Kremlin
"hacktivists" could avenge their grievances by digitally
targeting and nearly crippling the critical infrastructure of
technically sophisticated nation-states. In the future, an
enhanced focus on cyber security and new multinational
strategies and institutions will be instrumental in countering
electronic threats to the sovereignty and survival of states.
However, the world of information security is not unlike the
traditional global security environment; for each visible
action, there is oftentimes a commensurate reaction. The
attacks on Estonia will likely encourage future groups of
transnational imitators, and the events of spring 2007 have
provided states with important information for the further
development and improvement of their own cyber-warfare
capabilities.
The benefits of the information age are numerous,
but nascent threats like transnational cyber terrorism and
information warfare exist alongside the positive aspects of
globalization. In this period of IT-driven globalization, the
attacks on Estonia demonstrate that even NATO Article 5 and
U.S. nuclear umbrella guarantees cannot ensure the protection
of the nation. Just as the world economy has adapted to the
digital era, the Estonian cyber terrorism case indicates that the
foreign and security policies of nation-states must also do so,
as difficult-to-attribute asymmetric threats stemming from the
Internet are likely to harm nation-states in the future.

ATHENS AFFAIR (THE WIRETAPPING CASE)
(2004-2015)

2.2.1 INTRODUCTION
The Greek wiretapping case of 2004-2005, also
referred to as Greek Watergate, involved the illegal tapping of
more than 100 mobile phones on the Vodafone Greece network
belonging mostly to members of the Greek government and
top-ranking civil servants. The taps began sometime near the
beginning of August 2004 and were removed in March 2005
without the identity of the perpetrators being discovered.

The phones tapped included those of the Prime
Minister Kostas Karamanlis and members of his family, the
Mayor of Athens, Dora Bakoyannis, and the top officers at the
Ministry of Defence, the Ministry of Foreign Affairs,
the Ministry for Public Order, members of the ruling party,
ranking members of the opposition Panhellenic Socialist
Movement party (PASOK), the Hellenic Navy General Staff, the
previous Minister of Defence and one locally hired Greek
American employee of the American Embassy. Phones of
Athens-based Arab businessmen were also tapped.
Foreign and Greek media have named United
States intelligence agencies as the main suspects. AFP reported
that one Greek official stated on background that the likely
initial penetration occurred during the run-up to the 2004
Athens Olympics, stating: "it is evident that the wiretaps were
organized by foreign intelligence agencies, for security reasons
related to the 2004 Olympic Games." The leader of
the PASOK socialist opposition, George Papandreou, said that
the Greek government itself had pointed towards the US as
responsible for the wiretaps by giving up the zone of listening
range, in which the US embassy was included.
2.2.2 DISCOVERY OF ILLEGAL TAPS
On January 24, 2005, an update of the exchange
software by the intruders resulted in customer text messages
not being sent. Vodafone Greece sent firmware dumps of the
affected exchanges to Ericsson for analysis. On March 4, 2005,
Ericsson located the rogue code: 6500 lines of code written in
the PLEX programming language used by Ericsson AXE
switches. Writing such sophisticated code in a very esoteric
language required a high level of expertise. Much of Ericsson's
software development for AXE had been done by an
Athens-based company named Intracom Telecom, so the skills
needed to write the rogue software were likely available within
Greece.
On March 7, 2005, Ericsson notified Vodafone of the
existence of rogue wiretaps and software in their systems. The
next day the general manager of the Greek Vodafone branch,
George Koronias, asked for the software to be removed and
deactivated. Because the rogue software was removed before
law enforcement had an opportunity to investigate, the
perpetrators were likely alerted that their software had been
found and had ample opportunity to turn off the "shadow"
phones to avoid detection. On March 9, the Network Planning
Manager for Vodafone Greece, Kostas Tsalikidis, was found
dead in an apparent suicide. According to several experts
questioned by the Greek press, Tsalikidis was a key witness in
the investigation of responsibility for the wiretaps. After a
four-month investigation of his death, Supreme Court prosecutor
Dimitris Linos said that the death of Kostas Tsalikidis was
directly linked to the scandal: "If there had not been the phone
tapping, there would not have been a suicide."
A preliminary judicial investigation was carried out, which,
due to the complexity of the case, lasted until February 1,
2006. The preliminary investigation did not point out any
persons connected with the case. The investigation was
hindered by the fact that Vodafone disabled the interception
system, and therefore locating the intercepting phones was no
longer possible (the phones were apparently switched off), and
that Vodafone had incorrectly purged all access logs. Police
rounded up and questioned as suspects persons who called the
monitoring phones, but all callers claimed they called these
phones because their number was previously used by another
person.
2.2.3 FALLOUT
The investigation into the matter was further
hampered when Greek law enforcement officials began to
make accusations against both Vodafone and Ericsson, which
forced experts on the defensive. A recent appeal of the main
opposition party, PASOK, to form an investigating
parliamentary committee was rejected by the governing party.
In December 2006 Vodafone Greece was fined €76
million by the Communications Privacy Protection Authority, a
Greek privacy watchdog group, for the illegal wiretapping of
106 cell phones. The fine was calculated as €500,000 for each
phone that was eavesdropped on, as well as a €15 million fine
for impeding their investigation.
On October 19, 2007, Vodafone Greece was again
fined €19 million by EETT, the national telecommunications
regulator, for alleged breach of privacy rules. In September
2011, new evidence emerged indicating that the US Embassy in
Athens was behind the telephone interceptions. The key
evidence of complicity was that out of the 14 anonymous
prepaid mobile phones used for the interception, three had
been purchased by the same person at the same time as a
fourth one. The fourth phone called mobile phones and
landlines registered with the US Embassy in Athens. With a SIM
card registered to the US Embassy, it also called two telephone
numbers in Ellicott City and Catonsville, Maryland, both NSA
bedroom communities. A criminal investigation was
launched, and in February 2015, Greek investigators were
finally able to name a suspect, William George Basil, an NSA
operative from a Greek immigrant background. Greek
authorities have issued a warrant for the arrest of Basil, who
has since gone into hiding.
2.2.4 CONCLUSION
So what can this affair teach us about how to protect
phone networks? Once the infiltration was discovered,
Vodafone had to balance the need for the continued operation
of the network with the discovery and prosecution of the guilty
parties. Unfortunately, the responses of Vodafone and that of
Greek law enforcement were both inadequate. Through
Vodafone's actions, critical data were lost or destroyed, while
the perpetrators not only received a warning that their scheme
had been discovered but also had sufficient time to disappear.
In the telecommunications industry, prevailing best practices
require that the operator's policies include procedures for
responding to an infiltration, such as a virus attack: retain all
data, isolate the part of the system that's been broken into as
much as possible, coordinate activities with law enforcement.
Of course, in countries where such high-tech crimes
are rare, it is unreasonable to expect to find a crack team of
investigators. Could a rapid deployment force be set up to
handle such high-profile and highly technical incidents? We'd
like to see the international police organization Interpol create
a cyber forensics response team that countries could call on to
handle such incidents.
