Cybercrimes, Cyber Law and Computer Programs for Security

Antonina Farion1, Valentyna Panasyuk2 1. Department of Economical Security and Financial Investigation, Ternopil National Economic University, UKRAINE,

Ternopil, 46 A Mykulynetska str., email: secretmail_antonina@ukr.net

2. Department of accounting in the industrial sphere, Ternopil National Economic University, UKRAINE, Ternopil, Peremohy Square 3, email: Tina.panasjuk@gmail.com

Abstract: In this document we describe the situation that was formed at the information market colligates with the increasing the level of cybercrimes. Law regulation of this sphere can’t follow the development of information technology that exacerbates the problems of cybercrime. At the individuals’ level cybercrime is associated with the using of pirated software: malicious people can access the user’s personal date. Keywords: information technology, cyberspace, intellectual property, cyber security, antivirus and protection.

I. INTRODUCTION

Law and Information Technology are parallel objects and many scientists prove that they complement each other. A lot of lawyers complain that law is always running behind the process of developing information technology.

II. THEORETICAL BASIS

R. M. Kamble underlines that information technology deals with information system, data storage, access, retrieval, analysis and intelligent decision making. Information technology refers to the creation, gathering, processing, storage, presentation and dissemination of information and also the processes and devices that enable all this to be done1. And computers become inalienable part of our life. Cybercrime is defined as crimes committed on the internet using the computer as either a tool or a targeted victim. Cybercrimes involve both the computer and the person behind it as victims; it just depends on which of the two is the main target2. So cyberspace spreads and become more dangerous because many people can be involved in it. Criminals roam freely in cyberspace than in other environment.

III. PRACTICE

Cybercriminal activity is one of the biggest challenges that humanity will face in the next two decades3. It is predicted

1 R. M. Kamble. Cyber law and information technology. International Journal of Scientific & Engineering Research, Volume 4, Issue 5, May-2013 2Computer Crime Research Center. Cybercrime definition. Electronic access: http://www.crime-research.org/articles/joseph06 3 Steve Morgan, Editor-in-Chief Cybersecurity Ventures. 2017 Cybercrime Report. Herjavec group. Electronic access: https://cybersecurityventures.com/2015-wp/wp-content/uploads/2017/10/2017-Cybercrime-Report.pdf

that cybercrime will cost the world $6 trillion annually by 2021. This increasing are based on hundreds of major media outlets, universities and colleges, senior government officials, associations, industry experts, the largest technology and cybersecurity companies, and cybercrime fighters globally (Fig.1).

Fig. 1. Prediction for increasing of cybercrimes cost from

2015 annually by 2021

It is direct connection of changing amount of internet users: 100000 in 1990 and 500 million people in 2013. These date rapidly changed (Fig. 2).

Fig. 2. Quantity of internet users changing (2015-2017)

Cybercrimes have unique structure that is connected with information technologies (Fig.3).

Many crimes that involve the use of cyber-technology are not genuine cybercrimes. Cyber-related crimes could be further divided into two sub-categories:

− cyber-exacerbated crimes; − cyber-assisted crimes.

Crimes involving cybertechnology could be classified in one of three ways: cyber-specific crimes genuine cybercrimes); cyber-exacerbated crimes; cyber-assisted crimes.

3

6

01234567

trillion, 2015 trillion annually up by, 2021

2

3,8

00,5

11,5

22,5

33,5

4

2015 2017

Billions ofinternet users

267

ACIT 2018, June 1-3, 2018, Ceske Budejovice, Czech Republic

Fig. 3. Cybercrimes that connect with information technologies.

Like other kinds of crime, which historically grew in relation to population growth, cybercrimes grow in proportion to digital targets. And cybercrimes are more dangerous than the others because criminals can operate anonymously over the computer networks. The difference between crimes is the hackers steal intellectual property. Law that connects with cybercrimes must cover IT area (Fig. 4).

Fig. 4. Definition of cybercrimes area.

During last 20 years many security software were invited for electronic date protection because in the world’s practice there is not the single law that can regulate all IT relations.

There is a field of law that comprises elements of various branches of the law4 (Fig. 5).

But even these parts of law are not enough to control cyberspace. Cybercrimes develop more quickly than others crimes (Fig. 6) [1]-[6]. Many countries have very few laws addressing cybercrime.

− Love Bug Virus; − VB script that spread via email and corrupted many

different file types; − FBI traced the virus to the Philippines.

4 What is IT law, ICT law or Cyber law? Michalsons. Electronic access: https://www.michalsons.com/blog/what-is-it-law-ict-law-or-cyber-law/286

Fig. 5. Elements of various branches of the law that connect with IT for creation the unique law for protection internet users’ property.

But can legislation stop cyber crime. Research shows that the costs of cyber crime for companies in financial services and utilities and energy have the highest annualized cost. The most expensive attacks are malicious insiders, denial of service and Web-based attacks [7]. In last 2017 year in the world the new kinds of cybercrimes appeared – machine learning accelerates social engineering attacks or cloud computing providers’ infection. But the necessary sections in the law that provide security from cybercrimes are not adopted so quickly. So, cybersecurity is the main instrument in securing date from threats (Fig.7).

Many computer criminals have been company employees, who were formerly loyal and trustworthy and who did not necessarily possess great computer expertise. To prevent increasing in cybercrimes activity it is important to identify career criminals, including those involved in organized crime, who are now using cyberspace to conduct many of their criminal activities. Some cyber-related crimes can be carried out by professional’s offenders and might be undetected because professional criminals do not typically make the same kinds of mistakes as hackers, who often tend to be amateurs.

Elements of various branches of the law that connect with IT

Con

tract

law

Pate

nt la

w

Crim

inal

law

Cop

yrig

ht la

w

Trade mark law

Banking law

Tax law

Labour law

Intellectual property law

Privacy and data

protection law

Freedom of expression

law

Tele

com

mun

icat

ions

la

w

Consumer protection

law

The law of evidence

Cybercrimes area

Info

rmat

ion

Pape

r or

elec

troni

c fo

rmat

Com

mun

icat

ion

Elec

troni

c co

mm

unic

atio

ns

Tele

com

- m

unic

atio

ns

Bro

adca

sting

Info

rmat

ion

tech

nolo

gy

Har

dwar

e an

d el

ectro

nics

So

ftwar

e

Com

mun

icat

ions

te

chno

logy

So

ftwar

e an

d ha

rdw

are

Pr

otoc

ols

Cybercrimes

Stolen

Date

Money

Theft

Intellectual property

Personal and financial date

Lost productivity

Fraud

Software

268

ACIT 2018, June 1-3, 2018, Ceske Budejovice, Czech Republic

Fig. 6. Classification of Cyber Crimes and people who are affected by them.

Information age is so called because our life is codified by date: almost everything we do or buy, and everything we depend on, involves data and the technology that uses it. Cyber criminals are building so called “an army of things” that has the potential to impact the future of the digital economy [9]. Impact of a cyber attack could include substantial loss of revenue and margin, of valuable data, and of other company assets. Quantity of cybercriminals increases quickly around the world. Now cybercrimes are connected international serious organized crime groups, smaller-scale, domestic criminals and hacktivists.

Although the most serious threat comes, directly or indirectly, from international crime groups, the majority of cyber criminals have relatively low technical capability. Their attacks are increasingly enabled by the growing online criminal marketplace, which provides easy access to sophisticated and bespoke tools and expertise, allowing these less cyber criminals to exploit a wide range of vulnerabilities [10]. There is also situation when companies’ websites were subject to the criminal access of a customer records database, followed by a ransom demand asking for payment in exchange for the return of stolen data. The wearables are rapidly gaining popularity with smartwatches. Wearables are tracking all sorts of personal information including GPS location, blood pressure, heart rate, and anything else you feed them such as weight or diet. Such personally identifiable information could be used as a base to target you for spear-

phishing, or aid in identity theft. But the real opportunity is these devices linking to your smartphone, where phone numbers, more personally identifiable information, emails, web logins etc. could theoretically be compromised [10].

Cybercrime activity is spreading around the world. For decreasing the cybercrimes in Europe, Cooperation Group, the Commission, the European Union Agency for Network and Information Security should be established to support information security within the EU countries [12]. According to Directive (EU) 2016/1148 the certain sectors of the economy are already regulated or may be regulated in the future by sector-specific Union legal acts that include rules related to the security of network and information systems. Each Member State shall designate one or more national competent authorities on the security of network and information systems.

Member States shall ensure that digital service providers identify and take appropriate and proportionate technical and organizational measures to manage the risks posed to the security of network and information systems which they use in the context of offering services referred to in Annex III within the Union. Having regard to the state of the art, those measures shall ensure a level of security of network and information systems appropriate to the risk posed, and shall take into account the following elements: the security of systems and facilities, incident handling, business continuity management, monitoring, auditing and testing [12].

Des

troy

prop

erty

and

stol

en

Com

pute

r file

s and

reco

rds

Info

rmat

ion

syst

em

Inte

llect

ual P

rope

rty

Publ

ishin

g of

info

rmat

ion,

whi

ch is

obs

cene

in e

lect

roni

c fo

rm

Cyber stalking is a crime in which the attacker harasses a victim using electronic communication, such as e-mail or instant messaging, or messages posted to a Web site or a discussion group.

Cybersquatting is registering, trafficking in, or using a domain name with bad-faith intent to profit from the goodwill of a trademark belonging to someone else.

Date diddling is the changing of date before or during entry into the computer system or altering the raw date just before it is processed by a computer and then changing it back after the processing is completed.

A Trojan horse is a coded program which masks the existence of a virus or malware by making its appearance look normal while containing malicious utilities transparent to the user; utilities that execute unnoticed in the background until it is too late.

Internet time theft. It is the use by an unauthorized person of the Internet hours paid for by another person.

Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source

An email bomb is a form of Internet abuse which is perpetrated through the sending of massive volumes of email to a specific email address with the goal of overflowing the mailbox and overwhelming the mail server hosting the address, making it into some form of denial of service attack.

A salami attack is when small attacks add up to one major attack that can go undetected due to the nature of this type of cyber crime.

Web-jacking - the hacker gains access and control over the web site of another.

Who can suffer from

cybercrimes?

Owners of Mobile phones and gadgets Bank accounts Files on their computers

269

ACIT 2018, June 1-3, 2018, Ceske Budejovice, Czech Republic

Fig. 7. Types of security in the network space.

The top industries at the greatest risk of cyber attack (Fig. 8) [11].

Fig. 8. The top 4 industries at the greatest risk of cyber attack.

IV. CONCLUSION Cyber crimes are intrinsically challenging for business

companies and governments. Security has to be developed quicker then types of cyber crimes because solutions that may have worked last year may not necessarily work this year or next.

REFERENCES [1] Cyber stalking. Available at:

http://searchsecurity.techtarget.com/definition/cyberstalking

[2] Cybersquatting. Available at: http://searchmicroservices.techtarget.com/definition/cybersquatting

[3] E-mail spoofing. Available at: http://searchsecurity.techtarget.com/definition/email-spoofing

[4] What is a Trojan Horse Virus? - Definition, Examples & Removal Options. Available at: https://study.com/academy/lesson/what-is-a-trojan-horse-virus-definition-examples-removal-options.html

[5] Aj. Maurya. What is a salami attack? Available at: https://ajmaurya.wordpress.com/2014/03/27/what-is-a-salami-attack/

[6] Email Bomb. Electronic access: https://www.techopedia.com/definition/1655/email-bomb

[7] Cost of cyber crime study. Insights on the security investments that make a difference. Independently conducted by Ponemon Institute LLCand jointly developed by Accenture. Available at: https://www.accenture.com/t20170926T072837Z__w__/us-en/_acnmedia/PDF-61/Accenture-2017-CostCyberCrimeStudy.pdf

[8] Cyber security. Available at: https://www.slideshare.net/Siblu28/cyber-security-36922359

[9] Cyber criminals a growing threat to digital economy. Available at: https://www.gtnews.com/2017/03/29/cyber-criminals-a-growing-threat-to-digital-economy/

[10] NCA Strategic Cyber Industry Group. Cyber Crime Assessment 2016. Need for a stronger law enforcement and business partnership to fight cyber crime. Available at: http://www.nationalcrimeagency.gov.uk/publications/709-cyber-crime-assessment-2016/file

[11] 5 industries that top the hit list of cyber criminals in 2017. Available at: http://www.infoguardsecurity.com/5-industries-top-hit-list-cyber-criminals-2017/

[12] EUR-lex. Directive (EU) 2016/1148 of the European Parliament and of the Council. Available at: https://eur-lex.europa.eu/legal-content/EN/TXT/?toc=OJ%3AL%3A2016%3A194%3ATOC&uri=uriserv%3AOJ.L_.2016.194.01.0001.01.ENG

• Healthcare

I Place

• Financial Services

II Place • Manufacturing

III Place

• Government

IV Place

Viruses and worms

Viper Trend micro

PC tools

Mc Afee

Kaspersky

G date

Norton

F-secure

Panda Avast

Webroot

Quick heal

CA

Bit defender

Microsoft Security Essentials

Hackers’ attacks

Passwords

Firewalls

Malware

Firewalls

Antivirus

Trojan horses Security

suites

Password cracking

Strong passwords and never used the same password for

two different sites

Personal control

State control

Cyber monitoring

Network security

270

ACIT 2018, June 1-3, 2018, Ceske Budejovice, Czech Republic