Presentation on theme: "CYBER CRIMES IN E-BUSINESS. What is E-Business E-business (electronic business), is the conduct of business on the Internet, not only buying and selling."— Presentation transcript:
CYBER CRIMES IN E-BUSINESS
What is E-Business E-business (electronic business), is the conduct of business on the Internet, not only buying and selling but also servicing customers and collaborating with business partners.
EXAMPLE OF E-BUSINESS Types B2C (Amazon) B2B (Freemarkets) C2B (Priceline) C2C (eBay, eBid, Napster) B2E (Mellon)
Forms of e-business e-Banking services e-Shopping (E-books and E-music) e-Food e-Hotel e-Ticket e-Learning
Why we Adapt E-business Only takes 3 minutes to find and order a book! 1. Start Internet 2. Search 3. Checkout
+ve & -ve aspects Pros Shop 24 hours a day Less traveling Quick access to information Increased product choices Greater price information Participate in reviews Fast delivery Electronic communities Cons Lack of security Fraud Cannot touch items Selection is difficult Potential breakdown of human relationships
How people become victims….
A Typical E-commerce Transaction
Vulnerable Points in an E-commerce Environment SOURCE: Boncella, 2000.
who are the criminals & what are their motives
Recognising Your Attacker Attacker External Intruder Internal Intruder Sophisticated Crackers Cookbook Crackers Dissatisfied Current employee Skilled Former employee
criminals and their motives Internal and external attackers share similar motivations: greed Wickedness Revenge misguided intellectual challenge of creating havoc within large systems.
who are the criminals and what are their motives Attackers Share Motivations No matter who will be responsible for it, a deliberate cyber attack can: destroy an asset (in which case, it retains no value), corrupt an asset (reducing its value), deny access to an asset (which still exists, but is unattainable), or result in the theft of an asset (which retains inherent value, but its possession changes).
Assets that could be lost through electronic crime include: banking and financial transactions data information related to a business’ competitive position command and control system data for satellite systems and aircraft intellectual property (processes, methods, trade secrets, proprietary data, and other intangible assets) litigation-sensitive documents personal identification data (whose loss can lead to “identity theft” or stalking)
TOOLS AND TECHNIQUES Used in cyber crime
Tools of the intruders trade Anonymous r ers: Machines on the Internet configured to receive and re-send traffic by replacing the original source address of the sender with the address of the anonymous r er machine. Used by intruders to mask their identities. Internet packet filters or “sniffers:” Software that allows intruders to capture network traffic. Nukers: Software tools used by intruders to destroy system log trails. Password crackers: Software that allows intruders to “break” encrypted password files stolen from a victim’s network server.
Tools of the intruders trade Scanners: Automated software that helps intruders identify services running on network machines that might be exploited. Spoofers: Software tools that allow intruders to pretend to be as other users. Steganography: A method of encrypting and hiding data in graphics or audio files. Used by intruders to spy, steal, or traffic in information via electronic dead drops, for example, in Web pages. Trojan programs: A legitimate program altered by the injection of unauthorised code into that program causing it to perform unknown (and hidden) functions to the legitimate user/system owner. Intruders use them to create undocumented “backdoors” into network systems.
SECURITY THREATS IN E-BUSINESS
Malicious code Hacking and cyber vandalism Credit card fraud Denial of Service Attacks Sniffing Insider Jobs
How to prevent Cyber crime
Update OS Antivirus protection Anti-spam and Trojan protection Good legal policies Preventing E-business crimes
Using the computer at workplace – between efficiency and privacy Include the Policy on how to use Internet at workplace as a part of the labour contract Training the employees on usage of Internet and software Training the employees on how they should treat confidential information and the essential passwords Preventing E-business crimes
Don't accept orders unless full address and phone number present Be wary of different "bill to" and "ship to" addresses Be careful with orders from free services Be wary of orders that are larger than typical amount Pay extra attention to international orders When in doubt, call the customer to confirm the order Use software or services to fight fraud When you’ve found fraud, contact your merchant bank immediately
Survey of 2010
Internet Crime Report 2010
TOP 10 CRIMES
Where sholuld we report
How to register complaints Simply write down your application (in English or in Urdu), narrate your complete problem, provide as much evidences, details as you can and send it to FIA National Response Center for Cyber Crimes(NR3C). Address this application to, To Director Cyber Crimes, FIA Heaquarters, Islamabad Write down your problem, with complete details… and in the end mention your name, contact numbers and addresses. Fax:
Conclusion establish clear, focused, integrated security policies provide employees with appropriate awareness and technical training hire capable, trained workers and support them in establishing and maintaining an integrated response to attacks Silent awareness of electronic threats and risks throughout the organisation pursue the perpetrators of e-crimes against the organisation to the fullest extent of the law