SOME CYBER CRIME INCIDENTS
In the current section, we will discuss some of the common cyber crimes and fruads incidents over internet so that you could appriciate how these little ignorance could lead to a big digaster.
1. Paypal, an international online money transfer service, which allows you to safely transfer money through an Internet using various encryption techniques and provides an alternative to other traditional payment methods like cheques, money orders, etc. It have an active user base of over 100 million active users in 190 countries and performs over 9 million payments daily. It is one of the popular medium of payment over online auction sites like ebay etc. It is a convinient medium for trading particularly of the buyers and sellers are from differnet countries and have different currencies.
Romanion Hacker TinKode aka Razvan Cernaianu, explioted a loophole in the code of the chargeback process of PayPal. Due to this, a user can double its money en every attempt. Suppose the user have Rs.1000, this using this loophole, the amount will be doubled to Rs.2000 in the first attempt. Now this Rs. 2000 will be doubled to Rs. 4000 in the second attempt. Further Rs. 4000 will be doubled to Rs. 8000. Like wise this process will continue endlessly.
2. In Australia, a website called MP3/WMA Land, which offers a large number of pirated songs, music video clips for free download to its users. This resulted in heavy financial losses to the artists and the producers of those songs. The complain was loudeged by an organizations called Music Industry Piracy Investigations. The owners of the website, Ng, Tran and Le, who were the students of Australian University, were framed for Australia‟s largest copyright infrigement case(Urbas, 2012).
3. One of the intresting case of online stalking was registered by Mrs. Ritu Kohli at Delhi Police (Kaur, 2013). She reported that someone is using her identity over the Internet in the website www.mirc.com for chatting, and distributed her address and phone number. As a result she received a large number of phone calls from all over including Dubai, Ahemdabad, Mumbai, etc. at odd hours. This caused a lot of mental frustration and she decided to report the case. Based on her complain, Delhi Police tracced the IP address and finally traced the address of accused, Manish Kathuria and arrested him. A Dubai based NRI was blackmailed, and by the time the case was reported, he had already approximatly 1.25 crore to the accused (Madhya Pradesh State Cyber Police, 2013). The NRI met a girl over Internet and after a series of long chatting sessions, the girl won the love and trust of the NRI. In the meantime, she introduces him with several of her friends. Due to some reasons, the relation could not last long. After some time, one of the girl‟s friend, who was introduced to him by the girl, reports him that due to the mental stress of the broken relationship, the girl have commited sucide and police is investigating the case. Many fake copies of the letters from CBI, High Court of Calcutta, New York police and Punjab University etc. were also sent to the NRI. The NRI seeked help from the girl‟s friend, who in turn introduced her with a law firm based at Kolkata. The owner of the law firm agreed to take this case. A huge some of money was demanded by the law firm and a total of more that 1.26 crore were transfered on different occassions and he still demamded more money. The NRI smell something fishy and reported the case to Mumbai Police. The NRI forwarded all the email that he recieved from the girl, her friend and the owner of the law firm. After the foransic invertigation for the email, the IP address of all the three persons were found to be originated from the same source. After investigation, it was found that the identity of the girl and her friends were all virtual i.e. they does not exist. The owner of the law firm was the mastermind who assumed false identity of all the persons andcreated this false story to blackmail the NRI.
4. Iran‟s necular facility at Natanz was attacked by virus, Stuxnet which is belived to be developed by US (Shubert, 2011). It was not possible to inject the virus though the Internet as the network of the the Iran‟s necluer facility is a private network and was isolated from rest of the world. The virus first infacted the third party utility which is used by Natanz facility and gained assess to the network. The virus was designed to attack a specfic system software which controls the operation of Siemens controllers. The virus speeds up or slow down the centrifuges and thus wearing them out prematurely. Moreover, it hijacked the system and send false signals about the health and status of the necluer plant. Therefore, by the time the effect of the virus was detected, it was too late and the virus have done much harm to the neculear facility.
5. A trojen mail was used to hack the user name and the password of the current account of Mumbai based firm RPG Group and siphoned off Rs. 2.41 crore by Real Time Gross Sattlement(RTGS) (Narayan, 2013). Th bank officials suspected when they notice the huge amount of money transfer. They confirmed they same from the companie‟s officials who denied the tranfer of the money to the designmated accounts. Based on the names and the address of the of the account holders who have received the money, the police came to know that the account holders have permitted the main accused to use their account in return of huge commission.
6. Chennai police cracked a case of credit card fraud, where two BPO employees with the help of the son of the accused, increased the credit card limt and the communication address of the credit card owner (Madhya Pradesh State Cyber Police, 2013). They illigally hacked into their company‟s computer to find out the details of the credit card owner. They credit card company was cheated for about 7 lakhs before the incident was noticed. Due to the chance of the communication address, the owner of credit card could not receive montly statements genrerated at the month‟s end. The case was register with the Chennai police. After the digital foransic investigation of the BPO‟s compute system, it was found that its two employees have illegally access to the computer to steel the customer record.
7. A case of copyright infringment was loudged in Andhra Pradesh (Nandanwar, 2013). A well known mobile serive operator company launched a promotional campain, in which it offered a mobile phone at a very low cost to its customers with a lock-in period of 3-years. The software of the phone was configured in such a way that, in the lock-in period the sim of any other company cannot working with the handset. A compititor of that company lured the existing customers of the company which gave the mobile phone to “unlocked” the phone by cracking the software of the mobile so that any other sim can be used with the handset. The company reported the crime and the case were registered under copyright infringement u/s 63 of copyrights act.
8. A gang of criminals is active over the cyber space, which steels the credit card data of the cardholders from the POS at shopping malls, petrol pumps, resturents, hotels, etc. and use these cards to book air tickets online. According to the reports, over 15000 credit cards were fraudulently used by these criminals to book online tickets which account for approximatly Rs. 17 crore revenue loss. These criminals use public infrastructure like cyber cafe, etc. to book these tickets so that it is difficult to trace them. The fraud came to the notice when the customers who were charged for booking an airticket and these customers reported at the card issuing banks claming that these tickets were never booked by them.
9. In the year 2000, a worm known as Love Bug worm or VBS/Loveletter, which specially target Windows operating system based computer system, caused damage costing approx. Rs. 22,000 crore. An spam mail containing “ILOVEYOU” in the subject line and LOVE-LETTER-FOR-YOU.TXT.vbs as an attachment is received. If the used clicked the attachment, the machine gets infacted and the worm start searching all the drive of the computer and start currupting the files. It also start forwarding the copies of the email to all the outlook contacts added in the addressbook of the user. Nearly 10% machines connected to the Internet were infacted within no time (Madhya Pradesh State Cyber Police, 2013). Many large organizations which includes British parliament, Pentagon have to shut down the email system to stop this worm spreading into their network.
10. Online degree fraud are very popular these days over internet where accredited online degrees are offered by fake Universities (Gollin, 2003). These diploma mills offer to turn your work experience into a degree in exchange of money. The transcripts are also issued to the students on the basis of self evaluation. Its only when the students is rejected on account of fake degree, he realize that he fell pray to online fraud.
11. Can you belive a fake tweet message can cost $136 billiion loss within seconds (Fisher, 2013). The US stock markets crashed in response to a fake twitter message send via hacked twitter account of Associated Press, USA which reported two explosions in the White House and that President Barack Obama had been injured. Later, Syrian Electronic Army, a terrorist group claimed responsibility on its own Twitter feed for the AP hack. The hacking was performed by sending a phishing e-mail. As soon as the link in the phishing e-mail was clicked, a spyware was installed in the computer and the information stored in the system were sent to remote servers. Using this information the account of AP was hacked and the hoax was created which effected sentiments of the invester of NY Stock Exchange and resulted in heavy loss.
12. Recently a new virus, which infects the Point of Sale(POS) machines and steals the payment record of credit card of the customers. These confidential data like PIN codes, credit card numbers, expiration date, CCV number, etc. are tracked and sent to the hackers so that this information can be misused for commiting financial frauds (US-CERT, 2014).
13. The people with ill intentions are not only looking for your private and confidential data, but are in search of your communication infrastructure so that your identity can be used for hiding their identity so that they are not caught after creating neusence. The terrorist outfit Indian Mujahideen(IM) used the unprotected wi-fi network of a Mumbai based US citizen, Kenneth Haywood. They hacked his wi-fi network used send an e-mail, which contains his IP address, to a news agency just 5 minutes before the Ahemdabad blast (Chowdhury, Nair, & Johnson, 2008).
14. The terrorist used open wi-fi network of Matunga’s Khalsa College of Arts, Science and Commerce, Mumbai to send a terror mail to media house (The Indian Express, 2008). The terrorists remotely access the router and deleted the system logs after using the network so that it becomes difficult for the investigating to trace the origin of the email.
15. Pune based software engineer, Asma Sandip Thorve was arrested by economic offences wing of Pune police for illegally steeling source code of the software product and other confidential information of Brainvisa Technologies due to which the company lost Rs. 46.5 crores (Times of India, 2009).
16. There is a new type of crime evolving over internet where a prospective business partner will offer you a homebased business oppourtinity with no investment and very lucrative commission (Castillo, 2007). Once the person agrees to work with the company, the prospective business partner will ask for the details like address, phone numbers, photo identity, date of birth, etc. After some time, the person will receive parcel at the address with repackging instructions along with the list of addresses where these parcels are to be dispatched abroad. Actually these goods are purchased using stolen credit cards and the goods are delivered at the address provided by the person. The person will be held responsible if address of the delivery of the goods is traced by the investigators. The real trouble begins when your commision arrives. It is in the form of third party cheque and is of the higher amount then you expected. Some days latter an instruction to return the excess amount electronically is received. Once the excess fund is electonically transferred, the bank will discover that the cheque is fake and the person will be help responsible for this act.
17. Some of the customers of ICICI bank were victim phishing attack (Nair, 2009). Some of the customers received an email from a person who claimed to be an official of ICICI bank. He asked the customers to update their account information using a link which redirects the customers to a page which is very similler to ICICI bank‟s webpage. The case was registered by the bank officials when this fraud came to the knowledge of the bank when some of the customers got suspecious and informed the IT department of the bank to verify the source of such email. The bank officials were suprized to find out that the website, which was very closely resembling the bank‟s official website. If the customer used that link to update his account credentials by logging into the fake website using their user id and the password, these details would reached the hackers and they can later use this information to login into the customer‟s account and transfer money aur pruchase goods online.
18. The cyber criminals have targeted the gas filling station in the US to skim the credit card and debit card data. The hacker planted bluetooth enabled credit card skimmers in most of the gas stations locted in the Southern United States. The customer data which includes information like account number, PIN, CVV, etc eas used by the hackers to withdraw more than $2 million from the ATM mostly located at Manhattan.
19. The hackers used the tools used by the law enforcement agencies to parse data from iPhones to steel the private photographs of female celebreties in the US (Hazen, 2014). The hackers are belived to be using software called Elcomsoft Phone Password Breaker and iBrute to log into apple‟s site and download the backupfiles into their machines.
20. There are many incidents were non- friendly countries launch cyber attacks to gain access to the sensitive information. One such event is Russia is suspected for his involvement in hacking of US financial system (Farberov, 2014). One of the leading banks JPMorgan Chase was reported to be attacked by Russian hackers. The hackers were successful in steeling the sensitive data from the bank‟s server.
21. Recently, a Chinese mobile company, Xiaomi was found guilty for sending the sensitive data to Chinese servers (Kumar, 2014). This information includes sms, photographs, contact list, etc. without the knowledge of the users. It‟s not the first time that a Chinese company was help suspected for espionage and US government have banned the use of Chinese equipments in some of its major establishments.