COMPUTER CRIMES

A Case Study submitted in partial fulfilment of the requirements for the completion of the course in
CIS401M: IT ETHICS AND LEADERSHIP
Term 3, Academic Year 2014-2015

by

LORETO V. SIBAYAN
PAUL MATTHEW G. AVILA
Master of Science in Information Technology
College of Computer Studies

April 2014

TABLE OF CONTENTS

ABSTRACT 5 CHAPTER 1 1.0 INTRODUCTION 6 CHAPTER 2 2.0 OVERVIEW OF LITERATURE 8 2.1 CYBERCRIME 9 2.2 THEORIES OF CRIME 2.2.1 CRIMINOLOGICAL THEORIES 10 2.2.2 PSYCHOLOGICAL THEORIES 12 2.3 TYPES OF CRIME 14 2.3 CAUSES CYBERCRIME 19 2.4 CYBERCRIME PREVENTION 22 CHAPTER 3 3.0 ANALYSIS CYBERCRIME CASES 26 SUMMARY OF CYBERCRIME CASES 38 CONCLUSION AND RECOMMENDATION 43 REFERENCES 44

ABSTRACT

The 21st century has brought about certain influences in the lives of everyone including the way we do business transactions, the way we gain education and the way we communicate; these influences are mostly revolutionized through the use of modern day technology and though these technologies have been proven to be beneficial to the entire society, it also carries with it aspects that can be worrying for everyone. Certain professionals in the said field use their expertise to illegally develop ways on how to take advantage of others with of course the use of technology hence cybercrime. This study aims to provide an overview of the said topic and depict real life incidents with major companies and also discuss ways of avoiding them.

CHAPTER 1

1.0 INTRODUCTION
At early times the word computer was first conceived in the late 1600s and was originally used to describe a human being who performed calculations, computations and the like but it was only until the end of the 19th century when people began to understand and realize that machines are more than capable of doing the said act and perform them without fatigue, with greater pace and less errors.
Throughout the years, the progression of these said computers has incremented exponentially, evolving from large terminals to home / personal desktops to portable ones such as laptops and other handheld devices and with it users also found different use and application of these technology until it reached a stage where almost everyone has access to it, relies on it and cannot live without it; in short is at the mercy of it.
Because of the present need of individuals to depend on computing machines in day to day activities; certain individuals take this as an opportunity to take advantage of the said individuals by using the same nature of technology against for personal, business and other unethical reasons hence cybercrime.
According to Onuoha (2005), amateur and skilled computer users have continued to commit computer crimes year after year which led to the general public to express a feeling of both admiration and fear; as a result, legislators were pressured to come up with laws to govern and protect cyberspace and its users since cyber-attacks resulted from minor damages to murder; according to the Indian Express of 2002, due to an ongoing rivalry between two groups in the underworld, group A, knowing that group B’s leader is currently in an operation hired a computer expert to hack the hospital and change the prescription on that particular patient (group B’s leader) which resulted to his death.
This paper is determined to illustrate and describe the nature of cybercrime together with the reasons on why individuals tend to commit acts such as this with correspondence to theories of the same nature and depict significant examples of the said deed; furthermore, it explores a number of possibilities on how a common individual could lessen the risk of becoming a victim of the said crime. Likewise, a study such us this could be of help to other individuals who are looking for ways on how to shed light though not that deep with regards to the subject matter.

CHAPTER 2

2.0 OVERVIEW OF LITERATURE
Discipline development and research lucidity is made possible through detailed understanding of the knowledge generation in the area of the study. To do so, the researcher must be familiar with both previous theory and research; moreover, in order to assure said familiarity, a review of literature is done, in this case, an overview; it allows the researcher to gather and know the amount of work done in the concerned area that is “Cybercrime” thus identify problems and derive possible and corresponding solutions.

This said review is divided in to the following themes and subthemes: 2.1 Cybercrime 2.2 Theories of Crime 2.2.1 Criminological Theories 2.2.2 Psychological Theories
2.3 Types of Cybercrime 2.3 Causes of Cybercrime 2.4 Cybercrime Prevention

CYBERCRIME
Various researches state that there is no single definition to describe what cybercrime is, it usually differs from organization to organization, government to government and country to country. But to shed light on the topic, according to the document from the United Nations Office on Drugs and Crime last 2013 entitled “Comprehensive Study on Cybercrime” – “cybercrime is roughly defined as informational offence or a criminal act of which the target is computer information”, similarly, the Shanghai Cooperation Organization Agreement defines I as “the use of information resources and (or) the impact on them in the informational sphere for illegal purposes.”; Furthermore, Onuoha (2005) defines the word as any harmful act committed from or against a computer or network likewise the Director of Computer Crime Research Centre (CCRC) explains cybercrime as “any illegal behavior directed by means of electronic operations that targets the security of computer systems and the data processed by them.”

Considering the fact that though this type of mischievous deed is done digital, it still has hypothetical basis that is criminological theories. Lowman (2010) identifies two theories, the first is the “Rational Choice Theory” is simply dictates that a crime is done in a rational choice because the benefits outweigh the potential negative consequences while the other is the “Routine Activity Theory” which states that crime is “normal and inevitable”. On the other hand, psychological theories explore how moral development and personality disorders affect criminal behavior while social theories look at how society affects crime.

CRIMINOLOGICAL THEORIES
RATIONAL CHOICE THEORY
This theory was developed in the 1970s and it was first said that there exists traits that are capable of producing factors that could result in crimes and as a result research experts tend to find the said traits but were only able to come up with few outcomes; with this, again the theory argues that “the offender makes a rational choice to commit the offence, and has weighed up the benefits of the crime against the cost of being caught and punished” therefore by adhering to the choice theory by Keel (2005) which generally states “three strikes and you’re out”, there should be more emphasis on the punishment that go in correspondence with the said crime to be a deterrent. For example, if an offender is to commit a crime not that grave in manner could just be laid off or reprimanded while crimes of greater gravity could lead to imprisonment. Furthermore, since the said theory weighs the benefits and cost of being caught it is argued that by eliminating out the choices that are needed to be made or by making the punishment more severe, crimes could be prevented (Wllison, 2006b).

In relation to the cases, the weight and cost of the crime is depicted based on the number of victims and the cost of what was lost from the said victims.

ROUTINE ACTIVITY THEORY

Routine Activity Theory by Cohen and Marcus Felson
This theory as cited in Sarah Lowman’s Criminology of Computer Crime was developed by Cohen and Marcus Felson (Cohen & Felson, 1979) states that “crime is normal and just requires opportunity” and occurs in the presence of (3) three things: (1) the offender must be motivated (2) there must be a suitable target and (3) there must be the absence of capable guardian – a guardian is the one that either protects or guards the target such as an elder or teacher. By relating it to the cases, it cannot be fully said that a capable guardian is not present especially the cases pertaining to large company hacks, it simply shows that the supposed to be “capable guardians” were still incapable of protecting their assets because of the level of skill of the attackers though optimistically speaking, it has allowed those companies to come up with better securities against future attacks and criminals.

PSYCHOLOGICAL THEORIES

Psychological Theory of Moral Development by Lawrence Kohlberg
It was Lawrence Kohlberg who developed the theory mentioned above, and it states that an individual gradually develops his/her moral reasoning as he/she grows up. (Kholberg & Lickona, 1976) But what happens is that criminals tend to stop their moral development compared to non-criminals. For example a criminal may stay in stage 2, “hedonistic orientation stage” – when right and wrong correspond to one‟s own needs – rather than moving to stage 3, “interpersonal concordance stage” – when what is right and wrong are based on concern for others.(Lowman, 2010); Kohlberg also argues that crimes committed for personal gains is an act of selfishness which belongs to the Moral Development Theory furthermore, psychologists suggests that though disorders mainly on personality greatly contributes to the development of crimes, cybercriminals display a lower dominance of antisocial personality disorder compared to other criminals (Taylor, Caeti, Loper, Fritsch, & Liederbach, 2006) and lastly, since criminality commonly is affected and affects society, certain sociological theories are also related.

SOCIOLOGICAL THEORIES
STRAIN THEORY

Also known as Blocked Opportunity Theory explains that individuals are given sets of goals by the society unfortunately not all of them are given the opportunities to reach those goals meaning those not privileged enough have less means to the essentials such as education and jobs hence they are in strain. (Slowman, 2010) Moreover, (5) five modes were developed by Strain Theorist Robert Merton to explain how criminals come out of the society and how are they driven. (1) Conformist – are the ones unlikely to commit criminal acts since they “conform” to the cultural goals and the means to obtain them; (2) Ritualist – they are the ones who have lower aspirations but still follow a normal path by rejecting cultural goals and accept the means of obtaining them; (3) Innovators “may turn to crime to achieve their goals”; (4) Retreatists are individuals who reject both their goals and the means to obtain them and lastly the rebels, who reject the cultural goals and replace them with new ones together with how they are obtained which are commonly done (according to Lowman (2010)) by criminals, gangs and cults. In lieu with the cases, the criminal acts are commonly done by an organized group of skilled professionals who are either hired or whose only purpose is to make a name by wreaking havoc in the society.

Due to the vastness of the said subject, the Australian Institute of Criminology classifies those into (9) nine branches according to the nature of how it was executed.
TYPES OF CYBERCRIME 1. THEFT OF TELECOMMUNICATIONS SERVICES
Technologically literate professionals break in to an organization’s telephone switchboard or PBX from different entry points such as impersonating a technician in which from there they obtain access to dial-in/dial-out circuits then make their own calls or sell call time to third parties, capturing calling card details and counterfeiting or reprogramming of stored value telephone cards. Moreover, Shieck (1995) and Newman (1998) as cited in the aforementioned source suggest that security failures at a major telecommunications resulted in a 5% industry loss in the 1990s. 2. COMMUNICATIONS IN FURTHERANCE OF CRIMINIAL CONSPIRACIES
Due to the ubiquity of technology and its ability to communicate with other devices over long distances, criminal organization use this capability to facilitate and organize drug trafficking, gambling, prostitution, money laundering, child pornography and trade in weapons.

3. TELECOMMUNICATIONS PIRACY
Technology allows the reproduction of materials such as print, graphics, sound and multimedia files, as a result, individuals make use of this understanding to reproduce the said materials illegally and distribute them for profit and the like. According to Meyer and Underwood (1994), a $7.4 billion worth of software was lost in 1993 due to piracy with $2 billion stolen from the internet. Moreover, an incident in 1999 occurred where a James Bond Film was made available free on the internet before its release.

4. DISSEMINATION OF OFFENSIVE MATERIALS
Acknowledging the presence of the internet and understanding its capability to transfer information from one end to another over great distances allowed offenders to spread sexually explicit materials and the like; furthermore, it can also be used to cyber stalk other and distribute their information which in turn could prove harmful to them. Examples of such are below: 1. “One man allegedly stole nude photographs of his former girlfriend and her new boyfriend and posted them on the Internet, along with her name, address and telephone number. The unfortunate couple, residents of Kenosha, Wisconsin, received phone calls and e-mails from strangers as far away as Denmark who said they had seen the photos on the Internet. Investigations also revealed that the suspect was maintaining records about the woman's movements and compiling information about her family (Spice and Sink 1999).” 2. “A former university student in California used email to harass 5 female students in 1998. He bought information on the Internet about the women using a professor's credit card and then sent 100 messages including death threats, graphic sexual descriptions and references to their daily activities. He apparently made the threats in response to perceived teasing about his appearance (Associated Press 1999a).”

5. ELECTORNIC MONEY LAUNDERING AND TAX EVASION
Wahlert (1996) discuss how the banking industry adopted a new method of transaction with its clients without hassle which is known as “e-commerce” – where money can be easily transferred from one account to another through digital wiring from which highly skilled individuals create algorithms and programs to bypass certain securities to transfer sums of money from said institutions without being physically present.

6. ELECTORNIC VANDALISM, TERRORISM AND EXTORTION
This refers to hacking of data processing and telecommunications system which leads to catastrophic consequences such as illegally accessing governmental and commercial organization websites (Rathmell 1997). An example of such is where:
“Defense planners around the world are investing substantially in information warfare-- means of disrupting the information technology infrastructure of defense systems (Stix 1995). Attempts were made to disrupt the computer systems of the Sri Lankan Government (Associated Press 1998), and of the North Atlantic Treaty Organization during the 1999 bombing of Belgrade (BBC 1999). One case, which illustrates the transnational reach of extortionists, involved a number of German hackers who compromised the system of an Internet service provider in South Florida, disabling eight of the ISPs ten servers. The offenders obtained personal information and credit card details of 10,000 subscribers, and, communicating via electronic mail through one of the compromised accounts, demanded that US$30,000 be delivered to a mail drop in Germany. Co-operation between US and German authorities resulted in the arrest of the extortionists (Bauer 1998).”

7. SALES AND INVESTMENT FRAUD
Electronic commerce has provided culprits to come up with false telephone sales pitches, deceptive charitable solicitations or bogus investment ventures. Cyberspace now abounds with a wide variety of investment opportunities, from traditional securities such as stocks and bonds, to more exotic opportunities such as coconut farming, the sale and leaseback of automatic teller machines, and worldwide telephone lotteries (Cella and Stark 1997 837-844).

8. ILLEGAL INTERCEPTION OF TELECOMMUNCATIONS
Advancements in the communication industry has made it possible for criminal to electronically eavesdrop where they wiretap certain communication lines to intercept calls or provide surveillance to their targets.
“It has been reported that the notorious American hacker Kevin Poulsen was able to gain access to law enforcement and national security wiretap data prior to his arrest in 1991 (Littman 1997). In 1995, hackers employed by a criminal organisation attacked the communications system of the Amsterdam Police. The hackers succeeded in gaining police operational intelligence, and in disrupting police communications (Rathmell 1997).”

9. ELECTRONIC FUNDS TRANSFER FRAUD
“Electronic funds transfer systems have begun to proliferate, and so has the risk that such transactions may be intercepted and diverted. Valid credit card numbers can be intercepted electronically, as well as physically; the digital information stored on a card can be counterfeited.” (Grabosky and Smith 1998)
With respect to the definitions above, it can be said clearly that such an act only leads to disruption and damage to other individual’s property, network interference, or other data systems but in order to deeply understand its nature, the paper looks at why persons continue to undertake such acts.
CAUSES OF CYBERCRIME
Situation:
“In an office at lunch time: employee A accesses the internet to check his account in a social networking site after which he goes to the comfort room; unknowingly he forgets to sign out his account and here comes employee B which notices that employee A’s account is still signed in and what he does is quickly mess with it and as soon as employee A returned, employee B acts as if nothing happened and to A’s surprise he found out what had happened because almost everybody was having a good laugh because of what had happened.”
The above example illustrates an individual who is driven only by the idea of pranking his colleague is already a simple but concrete example of how cybercrime works; though the case above can easily be forgiven, experts in the field target those that are usually of high value and commonly the essential factors in a crime are the doer of the act, the target, the motive and the technological medium.
Considering the fact the each individual is unique, so are their ideas and the things that drive them; with respect, below are the general classifications of what motivates an individual to take part in cybercrime as describe by Mercer (2013). * ECONOMICALLY MOTIVATED CYBERCRIME
This type of criminal is basically motivated to commit heinous crimes for the purpose of acquiring a certain amount (at large at most) of monetary compensation; also since the perception of attaining the deed is simply through the access of a computer terminal from any known location, the agents of the act find the risk being low thus pushing them to continue. Commonly criminals of this type engage in malware, phishing, identity theft and fraudulent money request attacks.
Businessweek estimates that cybercrimes targeting online banking accounts alone, for example, pull in nearly 700 million dollars per year globally.

* PERSONALLY MOTIVATED CYBERCRIME
Cyber criminals are still human beings and what they do -- including their crimes -- is often the cause of personal emotions and vendettas. From the disgruntled employee installing a virus on office computers to a jealous boyfriend hacking into a girlfriend's social media accounts or a teenager taking down a school website just to prove that he could do it, many cybercrimes are essentially crimes of passion committed over the Internet. Many of these crimes, however, can still have very serious impacts and cause considerable property damage.

* IDELOGICALLY MOTIVATED CYBERCRIME
After financial companies like Visa, MasterCard and PayPal refused to let account and card holders make contributions to the controversial non-profit WikiLeaks, the "hacktivist" group Anonymous coordinated a series of bot attacks on the companies' servers, rendering them unreachable to Internet users. These kinds of attacks are conducted for perceived ethical, ideological or moral reasons, damaging or disabling computer equipment and networks to express grievances against individuals, corporations, organizations or even national governments.
Since the advent of the currently occurring and spreading of cyber-attacks, it has been a common notion among government agencies to establish a counter measure to decrease their vulnerability and to hold the perpetrators accountable for their actions.
CYBERCRIME PREVENTION
According to the Technological Crime unit of the Royal Canadian Mounted Police, below are some simple steps to prevent attacks from the said crime.

1. Use strong passwords
Commonly individuals would settle for significant events in their lives in choosing or setting passwords in not one but several accounts; this in turn makes them and their account more vulnerable to attacks. It is suggested that a password be made from the combination of various letters, numbers and special character and a change should be on them on a regular basis. Furthermore, avoid writing down the said passwords on a paper or other materials if its safety is not that all good.

2. Secure your computer a. Activate your firewall
In layman’s term, firewalls are simply the first line of defense of a computer against outside traffic coming from a terminal’s medium in connecting to the internet and other location like server files and though this technology has its disadvantages such as degrade a computer system’s performance they still block connections to unknown or bogus sites thus keep out some types of viruses and hackers.

b. Use anti-virus / malware software
Anti-virus softwares are third party softwares that help clean and maintain a computer system from viruses that could do harmful effects to the said system. It is best to install one and keep it updated regularly.

c. Block spyware attacks
This type of programming is responsible for unknowingly retrieving information from your computer to the ones who deployed the software in the system. Counter-measures should be installed such as the previously mentioned anti-virus software.

3. Be Social-Media Savvy
Always exercise caution in posting personal information in the internet; likewise check the security settings for the account and make sure to log it off after accessing it.

4. Secure your Mobile Devices
Nowadays, mobile devices have almost the same capabilities of a home computer meaning they too are prone to virus attacks and hackers; still it is possible to install anti-virus softwares in them.

5. Install the latest operating system updates
Keep applications and other operating system current with latest updates to prevent potential attacks on older software.

6. Protect your Data
Use encryption tools to safety sensitive information and make regular backups of the said files and store it in another location.

7. Secure your wireless network
Intrusions often occur in wireless connections or commonly known as “Hot Spots” if they are not secure. Always consider setting up a password for the said connection and if possible avoid corporate financial transactions on these lines.

8. Protect your e-identity
Always consider that all the information that is shared in the internet is viewable by everybody that has access to it that is why it is but imperative to refrain from giving out to much personal information such as financial information; moreover, make sure that website are secure when making online purchases or have the privacy settings enabled.

9. Avoid being scammed
As the saying goes, “always look both sides of the street before crossing”; the same can be said when surfing the internet, always think before you click especially on a link of unknown origin such as ads that tell the user that he/she had won something an must click the link to claim the price; also a user must be wary of email depicting the same message. Always check the source of link and if in doubt verify the said source. 10. Call the right person for help
And lastly, if say an individual is currently experiencing an attack or has encountered illegal internet content – alert the authorities or call the right person; it can either be (at extremes) the police, the internet service provider, the system administrator or the I.T. personnel.
The above mentioned precautions are simply the basic but also helpful in the world of cybercrimes; but to better appreciate the topic, the study has cited examples that had occurred in the real world and big name companies.

CHAPTER 3 3.0 ANALYSIS
CYBERCRIME CASES
CASE #1 WHO : Name not stated. WHAT : Sony Playstation hack WHEN : Between April 17 and April 19, 2011 HOW : Playstation.com reported that between the stated dates above, it was discovered that a number of PlayStation Network and Qriocity server user account information was compromised because of an illegal and unauthorized intrusion into their network. Moreover, they believed that such an invasion was made possible by the personal information such as name, address (city, state, zip) country, email address, birthday, password and PSN online ID which was given to the attacker/s. They also added information could be taken from the information a user given in order to purchase in the online store. In response to the said attack, Sony Playstation decided to temporarily turn off the Playstation network and Qriocity services; likewise they secured their subscribes that they have taken necessary steps in enhancing and strengthening their network infrastructure by re-building their system to provide greater security to their subscribers.

CASE #2 WHO : Aleksandr Andreevich Panin WHAT : Botnet Bus SpyEye Malware Mastermind Pleads Guilty WHEN : 2009 - 2011 HOW : The guilty created a program or trojan known as SpyEye which has the capability to grab banking forms including credit card information from bank terminals using a web browser in accessing information of online bankers and forward it to the servers of the creator from which they can use this information to create false accounts, withdraw stolen funds and create bogus credit cards, etc from the bank. He (the guilty) conspired with Hamza Bendelladi to sell the said software by posting in a criminal website for $1,000 to $8,500 a piece depending on the version of the software. The operation continued and had sold to more than 150 “clients” until it was busted when he sold his malware to the wrong customer which was an undercover FBI employee. Upon investigating and obtaining a search warrant, they discovered that the said malware contained a full suite of features designed to steal confidential financial information, make fraudulent online banking transactions, install keystroke loggers, and initiate distributed denial of service (DDoS) attacks from computers infected with malware.
CASE #3 WHO : Name not stated. WHAT : New Internet Scam ‘Ransomware’ Locks Computers, Demands Payment WHEN : 2011 HOW : According to fi.gov there has been a widespread of a new internet scam in the United States known as Reveton Ransomware, the idea of the said malware is that when an individual has been affected by it, it locks the computer with its screen frozen but is alerted with a message that the particular computer has been in violation of federal law or it was identified by the FBI or the Department of Justice’s Computer Crime and Intellectual Property Section as having been associated with child pornography sites or other illegal online activity and for them to unlock their machines, they are required to pay a fine using a prepaid money card service and instructions were also given on how to use the said prepaid service. It was also understood that the said malware works in combination with the Citadel malware which is a software delivery platform that can disseminate various kinds of computer viruses which first came about in 2011. As it continues it spread, the FBI IC3, which was established in the early 2000s as partnership between the FBI and the National White Collar Crime Center provided warning to the public stating: * Do not pay any money or provide any personal information. * Contact a computer professional to remove Reveton and Citadel from your computer. * Be aware that even if you are able to unfreeze your computer on your own, the malware may still operate in the background. Certain types of malware have been known to capture personal information such as user names, passwords, and credit card numbers through embedded keystroke logging programs. * File a complaint and look for updates about the Reveton virus on the IC3 website. And lastly, when it comes to the removal of the malware, it is advised that they leave it to the experts since there is still no guarantee that a background application is not running.
CASE #4 WHO : Patrick Connolly and Ivory Dickerson WHAT : Sextortion WHEN : 2005
HOW : At the beginning of her summer break in June 2005, a 15-year-old Florida girl logged onto her computer and received a startling instant message. The sender, whom the girl didn’t know, said he had seen her photo online and that he wanted her to send him pictures—of her in the shower. When the girl didn’t comply, the sender showed he knew where she lived and threatened to hurt the girl’s sister if she didn’t agree to his demands. Worried and hoping to avoid alarming her parents, the girl sent 10 black-and-white images. When her harasser said they weren’t good enough, she sent 10 more, nude and in color. Then he wanted more.

According to FBI Special Agent Nikolas B. Savage, both assailants were jointly terrorizing adolescent girls for over (7) seven years by compromising their computers, demanding sexual photos or videos, and scouring their social networks. The pair also reached out to the girls’ friends—who were duped into downloading malicious software because the e-mails and messages appeared to come from trusted sources. Furthermore, it the agency about two-years of undercover works in narrowing down and tracking their suspects. Conolly was a British citizen who was located in Saudi Arabia and Iraq working as a military contractor while Dickerson was from North Carolina where 230 gigabytes of materials of the said nature were found.

Fortunately, both were imprisoned where Dickerson was sentenced in 2007 to 110 years in prison and Connolly 3 year after that for 30 years.

CASE #5 WHO : Name not stated. WHAT : Gameover (Malware) WHEN : 2012 HOW : This type of malware is a new variant of Zeus malware where it’s mainly a Phishing scheme that involves spam e-mails designed to steal client information from banking organizations.
It starts by receiving an email from banking institutions such as the National Automated Clearing House Association, Federal Reserve or FDIC informing the recipient that there has been a problem with their respective bank accounts. The sender includes a link in the e-mail that will supposedly help you resolve whatever the issue is. Unfortunately, the link goes to a phony website, and once you’re there, you inadvertently download the Gameover malware, which promptly infects your computer and steals your banking information.
After the perpetrators access your account, they conduct what’s called a distributed denial of service, or DDoS, attack using a botnet, which involves multiple computers flooding the financial institution’s server with traffic in an effort to deny legitimate users access to the site—probably in an attempt to deflect attention from what the bad guys are doing.

Furthermore, the money that was taken from the accounts are used to buy expensive stones and jewelries wherein the criminals would inform the jeweler the item they wish to purchase and that the money would be wire transferred to their account as payment and a “money-mule” would later pick up the merchandise. CASE #6 WHO : Name not stated. WHAT : Hacking NASA Computers WHEN : September 22 HOW : A 15 year old boy known as “c0mrade” hacked the NASA computers that supported the space station, and invaded a pentagon computer system to intercept 3,300 e-mails, steal passwords and cruise around like an employee. Likewise, turning 16, he admits accessing 13 computers at the Marshall Space Flight Center in Huntsville, Ala., for two days in June 1999 and downloading $1.7 million worth of NASA proprietary software that supports the space station’s environment, including temperature and humidity. NASA responded by shutting down the computers for 21 days to determine the extent of the attack at a cost of $41,000 in contractor labor and replaced equipment. He was sentenced (6) six months in jail and as part of his sentence, he must write letter of apology to the secretary of defense and the NASA administrator. CASE #7 WHO : Six Estonian Nationals WHAT : Operation Ghost Click WHEN : 2007 HOW : “Six Estonian nationals have been arrested and charged with running a sophisticated Internet fraud ring that infected millions of computers worldwide with a virus and enabled the thieves to manipulate the multi-billion-dollar Internet advertising industry. Users of infected machines were unaware that their computers had been compromised—or that the malicious software rendered their machines vulnerable to a host of other viruses.”

The cyber ring used a class of malware called DNSChanger to infect approximately 4 million computers in more than 100 countries. There were about 500,000 infections in the U.S., including computers belonging to individuals, businesses, and government agencies such as NASA. The thieves were able to manipulate Internet advertising to generate at least $14 million in illicit fees. In some cases, the malware had the additional effect of preventing users’ anti-virus software and operating systems from updating, thereby exposing infected machines to even more malicious software. Furthermore, the main purpose of the said software is to redirect users to rogue servers from which the thieves gain access to the victim’s web activity.

According to reports, “When users of infected computers clicked on the link for the official website of iTunes, for example, they were instead taken to a website for a business unaffiliated with Apple Inc. that purported to sell Apple software. Not only did the cyber thieves make money from these schemes, they deprived legitimate website operators and advertisers of substantial revenue”
The six criminals were taken into custody and their rogue servers were replaced with legitimate ones. CASE #8 WHO : (5) Five hackers. Names not stated. WHAT : Five hackers charged in biggest cybercrime case in U.S. history WHEN : Date not stated. HOW : The above mentioned criminals hacked Nasdaq, Visa Inc., J.C. Penney Co., JetBlue Airways Corp. and Carrefour SA which cost more than $300 million. Furthermore, prosecutors added that the five men, from Russia and Ukraine stole and sold at least 160 credit card numbers. In addition, authorities say that each of the men had specialized tasks two hacked into networks, another mined them for data, and another provided anonymous web-hosting services to hide the group’s activities, and another sold the stolen data and distributed the profits.
CASE #9 WHO : Nikita Kuzmin, Deniss Calovskis and Ionut Paunescu WHAT : Three Alleged International Cyber Criminals Responsible for Creating and Distributing Virus That Infected Over One Million Computers and Caused Tens of Millions of Dollars in Losses Charged in Manhattan Federal Court WHEN : 2007 HOW : In the year 2007, it was detected in a bank in the United States that there is an unknown malware that has been stealing client information for the purpose of illegally transferring funds from the client’s accounts to remote server locations which was also controlled by another cybercriminal. The virus that had spread infected about one million computers and caused tens of millions worth of losses. It was discovered that the said virus was developed and co-collaborated by three individuals and each of which has different specialties and contributions to the project. The Creation of the Gozi Virus First is Kuzmin, the one who conceived the idea of the Gozi virus in 2005, he created a list of technical specifications for the virus and hired a sophisticated computer programmer (CC-1) to write its source code, which is the unique code that enabled the Gozi virus to operate. Once the Gozi virus had been coded, Kuzmin began providing it to co-conspirators in exchange for a weekly fee through a business he ran called “76 Service.” Through 76 Service, Kuzmin made the Gozi virus available to co-conspirators, allowed them to configure the virus to steal data of their choosing, and stored the stolen data for them. He advertised 76 Service on one or more Internet forums devoted to cybercrime and other criminal activities. Beginning in 2009, Kuzmin began to sell the Gozi virus outright to his co-conspirators. It was then refined by Calovski by writing a computer code known as “web injects” which altered how web pages of a certain bank will look given that it has been infected by the virus. If an individual would access his account through an infected computer, he / she will be asked with other details necessary for accessing the account like, mother’s maiden name, social security number, driver’s license information and a PIN code in order to continue accessing the website. Lastly, to completely secure the transaction from detection by law enforcements. Bulletproof hosting has provided criminals with online infrastructure to keep their anonymity; moreover, it helped cybercriminals distributed the virus including a malware known a Zeus Trojan and SpyEye Trojan that initiated and executed denial of service (DoS) attacks, and transmitting spam. Paunescu who managed the bulletproof hosting rented legitimate servers from internet service providers monitored the IP addresses that he controlled to determine if they appeared on a special list of suspicious or untrustworthy IP addresses; and relocated his customers’ data to different networks and IP addresses, including networks and IP addresses in other countries, to avoid being blocked as a result of private security or law enforcement scrutiny. Below are list of charges and the number of years of penalty. DEFENDANT | AGE & RESIDENCE | CHARGES | MAXIMUM PENALTY | Nikita Kuzmin | 25; Moscow, Russia | Conspiracy to commit bank fraud; bank fraud; conspiracy to commit access device fraud; access device fraud; conspiracy to commit computer intrusion; computer intrusion | 95 years in prison | Deniss Calovskis | 27; Riga, Latvia | Conspiracy to commit bank fraud; conspiracy to commit access device fraud; conspiracy to commit computer intrusion; conspiracy to commit wire fraud; conspiracy to commit aggravated identity theft | 67 years in prison | Mihai Ionut Paunescu | 28; Bucharest, Romania | Conspiracy to commit computer intrusion; conspiracy to commit bank fraud; conspiracy to commit wire fraud | 60 years in prison | | | | |
CASE #10 WHO : Name not stated. WHAT : Business offers best practices for escaping CryptoLocker hell WHEN : Date not stated. HOW : CryptoLocker is a type of ransomware that is delivered through email attachments; if say an infected email and its attachment were to be opened, the malware is automatically deployed, from which it uses a 256-bit AES encryption to lock its victims’ data; though it alerts its victim that a security key will be provided if an amount of $300 were to be given through bitcoin unfortunately sometimes security keys were not given because the said malware provided a limited time to which the victim must response. Anti-virus companies such as BitDefender said, the said virus works through “sinkholding” its botnet command-and-control servers and Tren Micro adds that it tries all possible tricks to be evasive so as not to be detected by anti-malware softwares.
CryptoLocker is hardly the first ransomware to plague computer users. Another type of ransomware, called the FBI Virus, that can hit either a Windows PC or Apple Mac to take away control from the user, was noticed having a new twist this week. According to Malwarebytes researcher Segura, the Mac OS X version of the ransomware is now demanding an additional fee above the first demand for $300. The second demand says it has your criminal records and will delete them for $450, he points out.

SUMMARY OF CYBERCRIME CASES DESCRIPTION | INTERNAL /EXTERNAL | POINT OF ENTRY | CONSEQUENCES | | | | Sony Playstation Hack | External | Intrusion of Network | Account Information Compromised | | | | SpyEye Malware | External | Malware (SpyEye) | Acquired financial and personal information stored on affected computers | | | | ‘Ransomware’ Locks Computers, Demands Payment | External | Malware (Drive-by) | Victim’s computer immediately locks, and the monitor displays a screen stating there has been a violation of federal law and requires to pay a fine to unlock the affected computer. | | | | Sextortion | External | Malicious Softwares (Emails) | terrorized adolescent girls by compromising their computers, demanding sexual photos or videos, and scouring their social networks. | | | | Malware Targets Bank Accounts | External | Malware (Emails that gives the user a link to download the malware) | infects your computer and steals your banking information | | | | 15-Year-Old Admits Hacking NASA Computers | External | Intrusion of Network | 21-day shutdown of NASA computers and invaded a Pentagon weapons computer system to intercept 3,300 e-mails, steal passwords and cruise around like an employee. | | | | Operation Ghost Click | External | Malware (DNSchanger) | exposing infected machines to even more malicious software; redirect unsuspecting users to rogue servers controlled by the cyber thieves, allowing them to manipulate users’ web activity | | | | Five hackers charged in biggest cybercrime case in U.S. history | External | Intrusion of Network | hack that cost targeted companies more than $300 million; stole and sold at least 160 credit card numbers | | | | Three Alleged International Cyber Criminals Responsible for Creating and Distributing Virus That Infected Over One Million Computers and Caused Tens of Millions of Dollars in Losses Charged in Manhattan Federal Court | External | Malware (Gozi Virus) | steals personal bank account information, including usernames and passwords, from the users of affected computers | | | | Businesses offer best practices for escaping CryptoLocker hell | External | Malware (CryptoLocker) | electronic files locked up inside strong encryption and the extortionist operating the malware botnet demanding money to give the victim the security key that would let companies get their data back | | | |

Cyber Criminal Motivations - Case Analysis
Monetary or Financial Motivation
Esquibel et al in 2005 presented that most botnets operators were driven and motivated monetarily. The UNDOC 2013 on cybercrime states “Widespread cybercrime consumer victimization carries with it significant financial costs – both direct and indirect. Direct and indirect costs include money withdrawn from victim accounts, time and effort to reset account credentials or repair computer systems, and secondary costs such as for overdrawn accounts.
Indirect costs are the monetary equivalent of losses imposed on society by the existence (in general) of a particular cybercrime phenomenon. Indirect costs include loss of trust in online banking and reduced uptake by individuals of electronic services. The overall cost to society of cybercrime might also include ‘defence costs’ of cybersecurity products and services, as well as fraud detection and law enforcement efforts.” The victims of cybercrime often involves monetary motivation as has been seen in the top FBI cases as presented in this paper.
The figure below show the cost of cyber crime per country.

While the number shows the cost of cybercrime in losses and costs it is a very clear depiction that the largest contributor to cyber criminality is motivated monetarily.
Personal Achievement
While there are many hackers that have engaged in cybercrime there are those that have done it solely for personal achievement or because of personal curiosity. In the presented cases, those that have hacked NASA, have no funds to steal but just to see if indeed the system is vulnerable. These criminals have done this to satisfy a personal need or gratification that they were the first to do it.
Part of an Organized Criminal Group
While there are some that operate individually over a small area, there are some that operate enterprise wide through a funded organized group that engage in cyber crime. Groups like Anonymous have engaged in these activities as paid mercenaries whose sole motivation may be financial but also to seek destruction and damage. Hacktivists that create denial of service and other damaging network activities.
In the UNDOC 2013 Comprehensive study “In 2008, 26 individuals – including reputed mafia

organized crime family members – were indicetd on charges of operating a sophisticated illegal

gambling enterprise, including four gambling websites in a country in Central America. The

District Attorney commented that ‘law enforcement crackdowns over the years on traditional mob-

run wire rooms have led to an increased use by illegal gambling rings of offshore gambling

websites where action is available around the clock.’ While gambling was illegal in the prosecuting

jurisdiction, the websits took advantage of different legislation in other jurisdictions. Bets were

placed in the country but processed offshore and the data ‘bounced’ through a series of server

nodes”.

The United Nations in 2013 documents that cyber criminals are also organized into groups and have

Complex structures and while they are motivated financially these groups are also motivated to claim

Personal gratifaction though they are part of a criminal group.

PART III
CONCLUSION AND RECOMMENDATION
Due to the ongoing prevalence of technology, members of the society seek to discover different opportunities in which these said technologies could be applied; though there have been positive outputs from the said applications, some of the individuals who are considered to be expert professionals in the said nature tend to use their capabilities to gain advantage over other individuals. They create programs known as malwares and viruses to steal information and money from people hence cybercrime. Moreover, though these acts often leave the public with mixed emotions such as awe where they are amazed with what and how the deed was carried and fear for their own since they can also be targets of the said criminals.
Events such as these have awoken governments of different countries and nations to come up with certain measures to counter act if such a thing would take place and with continuous efforts, they are able to put an end to the attacks and apprehend the attackers.
Lastly, given the fact that as part of the modern era, we individuals must learn how to take necessary precautions and safety measures to avoid being victims of the attacks, we must learn to be technologically literate and if were given the talent to excel in such field, must know the boundaries of ones capabilities and be responsible enough in using them.

REFERENCES
(2014). Botnet Bust SpyEye Malware Mastermind Pleads Guilty. www.fbi.gov. Retrieved March 2014 from http://www.fbi.gov/news/stories/2014/january/spyeye-malware-mastermind-pleads-guilty/spyeye-malware-mastermind-pleads-guilty
(2012). New Internet Scam ‘Ransomware’ Locks Computers, Demands Payment. www.fbi.gov. Retrieved March 2014 from http://www.fbi.gov/news/stories/2012/august/new-internet-scam/new-internet-scam
(2012). Cyber Alerts for Parents & Kids Tip #2: Beware of ‘Sextortion’. www.fbi.gov. Retrieved March 2014 from http://www.fbi.gov/news/stories/2012/february/sextortion_021012/sextortion_021012
(2012). Malware Targets Bank Accounts ‘Gameover’ Delivered via Phising E-Mails. www.fbi.gov. Retrieved March 2014 from http://www.fbi.gov/news/stories/2012/january/malware_010612/malware_010612
(2011). Operation Ghost Click International Cyber Ring That Infected Millions of Computers Dismantled. www.fbi.gov. Retrieved March 2014 from http://www.fbi.gov/news/stories/2011/november/malware_110911/malware_110911
Wilson, C. (2012). 15-Year-Old Admits Hacking NASA Computers. www.abcnews.go.com. Retrieved March 2014 from http://abcnews.go.com/Technology/story?id=119423
Seybold, P. (2011). Update on PlayStation Network and Qriocity. Retrived March 2014 from http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/
Post, A. (2013). Five hackers charged in biggest cybercrime case in U.S. History. www.insidecounsel.com. Retrieved March 2014 from http://www.insidecounsel.com/2013/07/26/five-hackers-charged-in-biggest-cyber-crime-case-i
Messmer, E. (2013). Businesses offer best practices for escaping CryptoLocker hell. www.networkworld.com. Retrieved March 2014 from http://www.networkworld.com/news/2013/111413-cryptolocker-practices-275987.html
(2013). Gozi Virus. www.fbi.gov. Retrieved March 2014 from http://www.fbi.gov/newyork/press-releases/2013/three-alleged-international-cyber-criminals-responsible-for-creating-and-distributing-virus-that-infected-over-one-million-computers-and-caused-tens-of-millions-of-dollars-in-losses-charged-in-manhattan-federal-court
Mercer, C. Causes of Cyber Crime. Science.opposingview.com. Retrieved March 2014 from http://science.opposingviews.com/causes-cyber-crime-1846.html
Top 10 Cyber Crime Prevention Tips. (n.d.) Retrieved March 2014 from http://www.rcmp-grc.gc.ca/
Crime in the Digital Age by Peter Grabosky and Russell Smith, Sydney: Federation Press, 1998 (co-published with the Australian Innstitute of Criminology).
UNDOC 2013 Comprehensive Study
2013 Roshma Profile of a Cyber Criminal