
Chapter 5

Chapter 5 discusses various aspects of cybercrime, including hacking, identity theft, and the legal frameworks governing these activities. It highlights the impact of cybercrime on individuals and organizations, the evolution of hacking, and the challenges of enforcing laws across different jurisdictions. The chapter also explores preventive measures against cyber threats and the ethical dilemmas surrounding hacking for political activism.

Uploaded by

Shishir

Chapter 5

Crime
Nishat Tasnim Shishir
Lecturer,
Department of CSE
Daffodil International University.
Contents

➢ Introduction
➢ Hacking
➢ Identity Theft and Credit Card Fraud
➢ Whose Laws Rule the Web?
Chapter Focus

➢ Analyzing cyber threats and real-world examples.


➢ Exploring solutions for enhanced cybersecurity.
Introduction
➢ Types of Cybercrime
•Hacking: Unauthorized access to systems.
•Fraud, stock manipulation, and forgery.
•Identity theft and financial crimes.
•Industrial espionage and cyberterrorism.
•Computer vandalism disrupting businesses.

➢ Impact of Cybercrime
•More devastating and harder to detect.
•Computer fraud causes higher losses than physical theft.
•Hackers can steal millions of credit card details.
•Identity theft can disrupt victims’ lives for years.
•Terrorists can target critical infrastructure.
What is Hacking?
➢ General Meaning: Gaining unauthorized access to computer systems.
➢ Common Activities: Stealing data, spreading viruses, crashing websites, and disrupting
businesses.
➢ Different Perspectives: Some hackers use skills ethically, while others engage in
cybercrime.

Three Phases of Hacking


1. Phase 1 (1960s–1970s):
   • "Hacker" was a positive term.
   • Early hackers explored computing and improved systems.
2. Phase 2 (1970s–1990s):
   • Hacking became associated with cybercrime.
   • Activities included breaking into systems and stealing information.
3. Phase 3 (Mid-1990s–Present):
   • Rise of the Web and e-commerce.
   • Large-scale hacking, including political activism and government cyber operations.
Key Issues & Consequences

1. Security Response & Resources
   • System administrators cannot distinguish harmless hackers from criminals.
   • Organizations must spend time and effort to track and stop intrusions.
   • Companies may shut down services, causing inconvenience.
2. Uncertainty & Risk
   • Even if no damage is done, organizations must verify system integrity.
   • Example: Boeing spent a large sum ensuring files were not altered after a hacker intrusion.
3. Potential for Serious Consequences
   • Hacking can disrupt critical systems (e.g., weather forecasting, medical records).
   • Example: Danish hackers slowed National Weather Service computers, risking missed tornado warnings.
4. Accidental Damage
   • Even well-intended hackers can make mistakes and cause significant harm.

➢ Even when done with good intentions, hacking often leads to real harm, risk, or expense.
Special Purposes of Hacking
➢ Political Activism (Hacktivism): Hacking for social or political causes.
➢ Security Testing: Finding vulnerabilities to improve cybersecurity.
➢ Government & Military Use: Cyber warfare and intelligence operations.
Hacktivism (Political Hacking)
➢ Definition
•Hacktivism is hacking used to promote a political cause.

➢ Examples of Hacktivism
•Posting a pro-drug message on a police website.
•Hacking government websites as a form of protest.
•Releasing private data to protest government actions.

➢ Ethical justification depends on intent, impact, and political context.


Types of Hackers

•White Hat Hackers: Ethical hackers who find security flaws to improve systems.
•Black Hat Hackers: Malicious hackers who exploit vulnerabilities for personal gain.
•Gray Hat Hackers: Hackers who find vulnerabilities but sometimes act without
permission.
Case Study 1: Exposing Medical Center Data

A security researcher hacked into a medical center’s system and copied patient files to
demonstrate its vulnerability. His intention was not to misuse the data but to expose
weaknesses in the system. However, after the medical center denied any security breach, he
disclosed portions of the files to a journalist to prove his claim.

Discussion Questions
1.Is it ethical to access private medical records without permission, even if done to prove a
security flaw?
2.Should the researcher have worked directly with the medical center instead of leaking data to
the media?
3.How can security researchers highlight vulnerabilities without violating privacy laws?
Global Cyber Threats & Responses

➢ Cyberattacks can harm:


• Communication systems
• Financial systems
• Military operations

1. When should cyberattacks be treated as acts of war?


2. What measures can nations take to prevent cyber threats?
3. Can cyberwarfare replace traditional military conflict?
1. When should cyberattacks be treated as acts of war?

A cyberattack should be considered an act of war when it:


•Causes physical destruction (e.g., damage to power grids, satellites, or military
infrastructure).
•Results in loss of life (e.g., cyberattacks on hospitals or emergency response systems).
•Significantly disrupts a nation's economy or national security (e.g., financial system
shutdowns).

2. What measures can nations take to prevent cyber threats?

To strengthen cybersecurity, nations can:


•Enhance cybersecurity frameworks (regular updates, firewalls, threat monitoring).
•Develop international cybersecurity agreements for cooperation.
•Train cybersecurity professionals and conduct cyber defense drills.
•Use AI and machine learning to detect and prevent attacks.
•Improve public awareness to prevent phishing and social engineering attacks.
Security
Hacking and Security Weaknesses:
• Hackers exploit poor security in computer systems and networks.
• Early internet and systems weren't designed with strong security in mind.
Factors Contributing to Weak Security:
• Complexity of systems and software.
• Fast development of new applications.
• Human nature and economic factors.
Security in Government and Military Systems:
• Many government and military systems were initially vulnerable, with major hacks targeting
sensitive data.
• Foreign governments, rather than teenagers, are now the biggest threat.
Encryption & Protection:
• Encryption is a key security tool but often underused.
• Example: U.S. drones had unencrypted video feeds, making them vulnerable to hacking.
Security Failures in Businesses:
• Retailers and security firms have also suffered breaches due to poor encryption and outdated
systems.
The Law: Catching and Punishing Hackers

1. Introduction to Computer Crime Laws


•Initially, hacking was debated as a crime.
•States gradually passed specific computer crime laws.
•The Computer Fraud and Abuse Act (CFAA) – 1984 is the main federal law.

2. Computer Fraud and Abuse Act (CFAA)


•Covers government computers, financial systems, and interstate commerce.
•Makes unauthorized access illegal.
•Includes offenses like:
• Altering, damaging, or destroying data.
• Denial-of-service (DoS) attacks.
• Launching viruses and malicious programs.
•Strong penalties: fines and prison sentences.
3. USA PATRIOT Act & Amendments to CFAA
•Expands "loss" definition (response costs, system restoration).
•Increases maximum penalty to 10 years for first offenses.
•Stricter penalties for hacking military & criminal justice systems.
•Allows government monitoring without a court order.

4. Key Takeaways
•Hacking includes minor offenses & serious crimes.
•Laws aim to punish malicious hacking & protect cybersecurity.
•Debate continues on balancing security and ethical hacking.
Expansion of the Computer Fraud and Abuse Act (CFAA)
•Originally designed for malicious hacking but evolved with technology.
•Concerns: Criminalizing common online activities (e.g., violating website terms of use).
•Key Case: A woman convicted under CFAA for fake identity on MySpace; later
overturned.
•Broad interpretation issues: Could criminalize minor offenses like lying on dating sites.
•Alternative solutions: Websites can block access or terminate memberships instead of
legal action.

CFAA and Privacy Protection


•Unauthorized data collection: Some prosecutors use CFAA against hidden tracking
software.
•Challenges: Defining "authorized access" clearly to prevent over-criminalization.
Identity Theft and Credit Card Fraud

➢ Methods used by criminals:


• Stealing credit/debit card numbers, Social Security numbers.
• Applying for loans, tax refunds, and making unauthorized purchases.
• Selling personal identities for financial gain.
➢ Impacts: Billions in losses, ruined credit scores, legal trouble for victims.
➢ Countermeasures:
• Stronger cybersecurity policies.
• Law enforcement action against cybercriminals.
• Awareness and secure personal data handling.
Common Cyber Fraud Tactics
1.Phishing & Smishing: Fake emails/messages pretending to be from banks or companies.
2.Vishing: Phone scams requesting sensitive info.
3.Pharming: Redirecting users to fake websites via DNS attacks.
4.Database Breaches: Hackers stealing large-scale personal information.
5.Job Scams: Fake job postings collecting personal data.
6.Low-tech risks: Identity theft from lost/stolen wallets or misuse by acquaintances.

Preventive Measures

•Be cautious about online interactions and data sharing.


•Use secure passwords and avoid clicking suspicious links.
•Verify sender authenticity before responding to requests.
•Keep personal documents and online accounts secure.
Responses to Identity Theft & Credit Card Fraud
Authenticating Websites
• Email programs and browsers alert users to fraudulent sites.
• Fake websites often have poor grammar and suspicious origins.
• Browser tools flag unsafe sites and detect phishing attempts.
Credit Card & Debit Card Fraud
• Stolen/lost card fraud evolved with e-commerce.
• Security measures: Activation calls, caller ID verification, address confirmation.
• Skimming devices steal card data at ATMs and gas stations.
• AI detects unusual transactions to prevent fraud.
• PayPal and similar services offer secure online payments without sharing card details.
Authenticating Customers & Preventing Identity Theft
Authentication Techniques
• Devices store customer’s computer ID for login verification.
• Extra information & image-based authentication enhance security.
• AI-based risk assessment detects unusual login behavior.
• Geographic location tracking helps detect fraudulent transactions.
• Combining caller ID with Social Security digits improves safety.
Security vs. Convenience
• Trade-off between security measures and customer ease.
• Retailers minimize checks for fast transactions but absorb some fraud losses.
• Companies improve security when fraud losses become excessive.
Biometrics in Security & Fraud Prevention
What Are Biometrics?
•Unique biological traits for identification (fingerprints, voice, face, iris, DNA).
•Used in law enforcement, security, and fraud prevention.
•DNA & fingerprint matching help solve crimes and prevent identity fraud.
Applications of Biometrics
•Unlock doors, phones, and computers securely.
•Prevent duplicate IDs for driver’s licenses and welfare benefits.
•Airports use biometrics to restrict access to employees.
•Phones & laptops use fingerprint/face ID for security.
Challenges & Risks
•Biometric data theft is more dangerous than stolen passwords.
•Hackers can steal and misuse fingerprint or iris scan files.
•Criminals can trick scanners using fake fingerprints, photos, or contact lenses.
Whose Laws Rule the Web?

Digital Actions & Legal Challenges


•Laws differ across countries for digital crimes.
•Example: The ILOVEYOU virus (2000) caused global damage, but no law existed in the
Philippines at the time.
Key Areas Where Laws Differ
•Content control/censorship (politics, religion, etc.)
•Intellectual property
•Hacking & viruses
•Libel & privacy
•Online commerce & gambling
•Spam & fraud
Cross-Border Legal Conflicts
•Different nations prosecute online offenses based on their laws.
•Example:
• Thailand jailed a U.S. citizen for posting banned content.
• Jordan prosecuted a Dutch filmmaker for blasphemy.
• China may arrest foreign journalists for discussing democracy.
Responsibility-to-Prevent-Access Principle
•Content/service providers must restrict access where material is illegal.
•They may face legal action in foreign countries if they fail to comply.

Key Questions
•Should people be prosecuted where a crime occurred or where damage
happened?
•How should global businesses and individuals navigate conflicting laws?
•Should providers be responsible for restricting content worldwide?
Yahoo and French Censorship
•France & Germany ban Nazi memorabilia (except for historical purposes).
•1999: French groups sued Yahoo for allowing French users to access Nazi items
on its U.S. auction site.
•French government also filed criminal charges against Yahoo and CEO Tim
Koogle for “justifying a crime against humanity.”

Technical Challenges
•Yahoo argued it was not possible to block French users.
•At that time, physical location was hard to detect online.
•Users could bypass restrictions using anonymizing tools.
•Geolocation software (emerging tech) could block ~90% of French users.
Libel, Speech, and Commercial Law in Different Countries

Differences in Libel Laws Among Free Countries


•Libel (written defamation) and slander (verbal defamation) laws vary.
•United States:
• Strong freedom of speech protection.
• Truth = No Libel.
• Public figures have less protection to allow open debate.
•England & Australia:
• Greater emphasis on protecting reputations.
• Example: Michael Jackson won a libel case against a British newspaper.
• Risky to publish business and political scandals.
Key Questions
➢ How should companies navigate conflicting national laws on speech,
commerce, and libel?
➢ Should companies be legally responsible for content accessed from
foreign countries?
➢ How can governments balance freedom of speech with protecting
reputations and citizens?
Nation-Specific Internet Regulations

•Goldsmith & Wu’s Argument (Who Controls the Internet?)


• "The Internet is becoming a collection of nation-state networks."
• Countries should regulate content based on local culture and values.
• Many non-U.S. countries view American free speech as excessive.
•Criticism of This View
• Culture ≠ Laws (culture evolves, laws may serve government power).
• Example: China's censorship → Protecting people or Communist Party
control?
• U.S. gambling ban: Claimed moral reasons, but allows state-run
gambling → Economic motives?
Content Restrictions: Culture or Protectionism?

➢ Examples of Media Protectionism


• Canada & France limit U.S. TV programs
• Justifications:
• Cultural protection from U.S. influence.
• Job creation & financial support for domestic industries.
• Debate: Fair economic policy or restriction of free competition?
•Should governments enforce protectionist laws beyond their borders?
Ethical Dilemmas in Internet Censorship
•What if a majority in a country supports banning certain content?
• Should minorities lose freedom of speech/religion?
•Is it ethical to defy censorship?
• Should blocked content be made available in censored countries?
• Does this promote human rights or violate sovereignty?

Key Questions
•Can we balance national laws with a free, open internet?
•Should tech companies be responsible for blocking content per each country’s
law?
•Where do we draw the line between respecting culture and defending human
rights?
Potential Solutions for Cross-Border Internet Regulation

1. International Agreements
•Treaties set common standards for resolving international cases.
•WTO agreement: Countries cannot block services from other nations if legal in their
own.
•Limitations:
• Does not help when a product or service is legal in one country but illegal in
another.
2. Authority-to-Prevent-Entry Principle
•Governments can block illegal content within their borders but cannot punish creators in other
countries where it is legal.
•Examples:
• Cold War censorship → Soviet Union jammed Western radio broadcasts.
• Iran blocks BBC Persian programs but cannot stop the BBC from broadcasting.
• Singapore bans Far Eastern Economic Review but cannot shut it down internationally.
•Potential benefits:
• Recognizes national sovereignty while reducing cross-border restrictions.
• Could pressure restrictive governments to limit censorship.
•Challenges:
• Could enable cybercriminals in countries with weak cyber laws.
• Some laws protect people from actual harm, while others enforce cultural/political
beliefs.
3. Challenges in Finding Global Consensus
•Laws vary:
• Some outlaw harmful activities (fraud, cybercrime).
• Others enforce cultural or political norms (speech, personal beliefs).
•Who decides which laws are “right”?
•Compromise often reduces freedom in more open societies.
Thank You
