CYBER CRIMES IN E-
BUSINESS
What is E-Business
E-business (electronic business), is the conduct of business on the Internet, not only buying and selling but also servicing customers and
collaborating with business partners.
EXAMPLE OF E-BUSINESS Types
• B2C (Amazon)• B2B (Freemarkets)• C2B (Priceline)• C2C (eBay, eBid, Napster)• B2E (Mellon)
Forms of e-business
e-Banking services
e-Shopping (E-books and E-music)
e-Food
e-Hotel
e-Ticket
e-Learning
Why we Adapt E-business
Only takes 3 minutes
to find and order a book!
1. Start Internet • 2. Search 3. Checkout
+ve & -ve aspects
Pros• Shop 24 hours a day• Less traveling• Quick access to information • Increased product choices • Greater price information• Participate in reviews• Fast delivery• Electronic communities
Cons• Lack of security
• Fraud
• Cannot touch items
• Selection is difficult
• Potential breakdown of human relationships
How people become victims….
A Typical E-commerce Transaction
Vulnerable Points in an E-commerce Environment
SOURCE: Boncella, 2000.
who are the criminals &
what are their motives
Recognising Your Attacker
Attacker
External Intruder
Internal Intruder
Sophisticated Crackers
Cookbook Crackers
Dissatisfied Current
employee
Skilled Former
employee
criminals and their motives
Internal and external attackers share similar motivations:
greedWickednessRevengemisguided intellectual challenge
of creating havoc within large systems.
who are the criminals and what are their motives
Attackers Share Motivations
No matter who will be responsible for it, a deliberate cyber attack can:
destroy an asset (in which case, it retains no value),
corrupt an asset (reducing its value),
deny access to an asset (which still exists, but is unattainable), or
result in the theft of an asset (which retains inherent value, but its possession changes).
Assets that could be lost through
electronic crime include: banking and financial transactions data
information related to a business’
competitive position
command and control system data for satellite systems and aircraft
intellectual property (processes, methods,
trade secrets, proprietary data, and other intangible assets)
litigation-sensitive documents
personal identification data (whose loss can lead to “identity theft” or stalking)
TOOLS AND TECHNIQUES
Used in cyber crime
Tools of the intruders trade
Anonymous re-mailers: Machines on the Internet configured to receive and re-send traffic by replacing the original source address of the sender with the address of the anonymous remailer machine. Used by intruders to mask their identities.
Internet packet filters or “sniffers:” Software that allows intruders to capture network traffic.
Nukers: Software tools used by intruders to destroy system log trails.
Password crackers: Software that allows intruders to “break” encrypted password files stolen from a victim’s network server.
Tools of the intruders trade
Scanners: Automated software that helps intruders identify services running on network machines that might be exploited.
Spoofers: Software tools that allow intruders to pretend to be as other users.
Steganography: A method of encrypting and hiding data in graphics or audio files. Used by intruders to spy, steal, or traffic in information via electronic dead drops, for example, in Web pages.
Trojan programs: A legitimate program altered by the injection of unauthorised code into that program causing it to perform unknown (and hidden) functions to the legitimate user/system owner. Intruders use them to create undocumented “backdoors” into network systems.
SECURITY THREATS IN
E-BUSINESS
SECURITY THREATS IN E-BUSINESS
Malicious code
Hacking and cyber vandalism
Credit card fraud
Denial of Service Attacks
Sniffing
Insider Jobs
How to prevent Cyber crime
Update OS
Antivirus protection
Anti-spam and Trojan protection
Good legal policies
Preventing E-business crimes
Using the computer at workplace – between efficiency and privacy
Include the Policy on how to use Internet at workplace as a part of the labour contract
Training the employees on usage of Internet and software
Training the employees on how they should treat confidential information and the essential passwords
Preventing E-business crimes
Preventing E-business crimes
Don't accept orders unless full address and phone number present
Be wary of different "bill to" and "ship to" addresses
Be careful with orders from free email services
Be wary of orders that are larger than typical amount
Pay extra attention to international orders
When in doubt, call the customer to confirm the order
Use software or services to fight fraud
When you’ve found fraud, contact your merchant bank immediately
Survey of 2010
http://www.ic3.gov/media/annualreport/2010_ic3report.pdf
Internet Crime Report 2010
TOP 10 CRIMES
Where sholuld we report
www.nr3c.gov.pk/contact.html
How to register complaintsSimply write down your application (in English or in Urdu), narrate your complete problem, provide as much evidences, details as you can and send it to FIA National Response Center for Cyber Crimes(NR3C).
Address this application to,
To Director Cyber Crimes,FIA Heaquarters, Islamabad
Write down your problem, with complete details… and in the end mention your name, contact numbers and addresses.
Fax: 051-9266435Email: [email protected]
Conclusion
establish clear, focused, integrated security policies
provide employees with appropriate awareness and technical training
hire capable, trained workers and support them in establishing and maintaining an integrated
response to attacks
Silent awareness of electronic threats and risks throughout the organisation
pursue the perpetrators of e-crimes against the organisation to the fullest extent of the law
references
• http://en.wikipedia.org• http://www.ic3.gov/media/annualreport/2010_ic3report.pdf• http://www.nr3c.gov.pk/• http://www.defence.pk/forums/current-events-social-
issues/102896-pakistan-cyber-crime.html• http://www.fbi.gov/scams-safety/e-scams