journal internet security-cyber crime paradox

Upload: as-syahrul-al-ramadhan

Post on 05-Apr-2018


  • 8/2/2019 Journal Internet Security-cyber Crime Paradox


    My Summary : Syahrul Ramadhan

    Internet security - cyber crime Paradox

    ¹Ali Peiravi, ²Mehdi Peiravi

    Ferdowsi University of Mashhad, Department of Electrical Engineering, School of Engineering, Mashhad IRAN

    Telephone number: (0098) 511-881-5100

    ¹[email protected], ²[email protected]

    Abstract: The objective of this study is to review the issues involved in internet security and cyber crime. Apparently this poses a paradox since the technological advances made in both software and hardware to increase internet security measures are also available to cyber criminals who immediately use them to counteract these measures. Another problem is infringement on privacy that has to be dealt with as stricter security measures and legislation are put into effect. Cyber crimes are briefly reviewed, and legislative and technological ways to combat them are presented. [Journal of American Science 2010;6(1):15-24]. (ISSN: 1545-1003).

    Key words : Cyber crimes, internet security, legal aspects, intrusion detection

    1. Introduction

    Cyber crimes have progressed into serious threats and proper legislation and prosecution is badly needed to combat them. Cyber crime legislation is always lagging behind the fast-growing technological advances which are used by the criminals as well as those who wish to combat them. There is also a need to consider the competing interests between individual rights of privacy and free speech, and the integrity of public and private networks. Due to the international nature of today's networks, no single country can enact laws to effectively address the issues related to cyber crimes (Sinrod and Reilly, 2000).

    The use of the internet has become so wide-spread now that it covers almost every aspect of human life today. Acts such as banking, payment of bills, shopping, personal affairs, etc. are relying on computers and the internet more and more. Therefore, the internet has become very vital in man's economic and social life.

    Violation of intellectual property is another major concern for many industries such as automobile manufacturers, manufacturers of luxury goods, etc. who suffer from great financial losses.

    The term "cyber crime" refers to the use of a computer and the internet to commit a criminal act such as identity theft, domain theft, Internet auction fraud, blackmail, forgery, embezzlement, online gambling, defamation, pornography, web sex with minors, violation of intellectual property, cyber terrorism, etc. One may also cite e-mail spam, hacking and cracking, denial of service attacks and spreading computer viruses as other issues of great concern.

    The potential threats of cyber crimes and their socioeconomic costs have become so large that they demand special attention to both legislative aspects of cyber crimes and technical aspects of data security.

    The best approach to the issue of cyber crimes is the analysis of the types of cyber crimes, the legislative aspects of fighting such crimes, and the technological improvements required in the field of data security to hinder these crimes.

    When an offense is committed, a computer may be the target of that offense, the tool of the offense, or it may contain evidence regarding that offense. Malicious viruses, hackers, crackers, espionage, and cyber-warfare are instances of cyber crimes that target computers. When a computer is the target of the offense, the goal of the attacker is to either steal data or cause damage to the computer system. Computers may be incidental to the offense and contain evidence of crimes such as child pornography or attempts at sex with minors.

    2. Cyber crimes and cyber attacks

    Any use of a computer and the internet to do some act that would be considered a crime is called a cyber crime since a crime is usually defined in terms of the end result. There are many types of cyber crimes including hacking, cracking, extortion, child pornography, money laundering, fraud, software pirating, and corporate espionage. The term 'hacker' usually refers to a computer user who wants to gain unauthorized access to a computer system while the term 'cracker' is used to refer to a hacker with criminal intentions. Crackers sabotage computers, steal information, and disrupt networks with malicious intents. Naturally, hacking and cracking should not be looked upon in the same way. Nearly a third of theft of confidential information and trade secrets is done by employees who have access to the target computer systems.

    Types of computer crimes include:

    1- Salami attacks

    In these attacks the amount of alteration in each individual case is so small that it goes unnoticed. However, the overall effect is tremendous. For example, an attacker may subtract a minor sum from every bank customer's account which would add up to a large sum when deposited into his own account.

    2- Data alteration

    In this form of attack data is changed just before being processed by the computer and then changed back again into its original form afterwards. This would make the results seem justifiable, although they are not.

    3- E-mail bombing

    In this case, the goal of the attacker is to interrupt the victim's e-mail service by sending him a large number of e-mails.

    4- Denial of Service (DoS) attack

    Denial of service attack refers to an explicit attempt by an attacker to prevent legitimate users of a service from using that service. Examples include:

    1- Flooding a network and preventing legitimate network traffic.

    2- Disrupting a server by sending more requests than it can possibly handle to prevent access to a service.

    3- Preventing a particular individual from accessing a service.

    4- Disrupting service to a specific system or person.

    In a denial of service attack one user takes up so much of a shared resource that none of the resource is left for other users. Such attacks compromise the availability of the resources that may be processes, disk space, percentage of CPU, printer paper, etc. In the internet this takes the form of

    4-1 SYN Flood attacks,

    4-2 UDP Flood attacks,

    4-3 ICMP Flood attacks,

    4-4 New generation attacks such as smurf, fraggle, and papasmurf

    4-5 DDoS attacks such as Trinoo, Tribe Flood Network, Tribe Floodnet 2k, and Stacheldraht.

    Common symptoms of DoS attacks are as follows:

    1- unusually slow network performance.

    2- unavailability of a particular website.

    3- inability to access any web sites.

    4- a drastic increase in the number of received spam emails.

    There are four possible forms of defense against DDoS attacks as follows:

    1- Blocking SYN floods which are caused when the attacker spoofs the return address of a client machine so that a server receiving a connection message from it is left hanging when it attempts to acknowledge receipt.

    2- Implementing BCP 38 network ingress filtering techniques to guard against forged information packets.

    3- Zombie Zapper tools to tell a 'zombie' which is flooding a system to stop doing so.

    4- Low-bandwidth web sites to prevent primitive DDoS attacks by not having enough capacity.

    5- Web Site Defacing

    In this form of attack, the system cracker changes the visual appearance of the site under attack by breaking into the web server and replacing the hosted website with his own.

    6- Malicious codes such as viruses, worms, Trojans and RATs.

    Malicious code may be used by cyber criminals for various goals. Computer programs can sometimes be damaging or malicious in nature. If the source of the damaging program is an individual who intended that the abnormal behavior occur, the instructions are malicious code. The following actions are possible forms of defense against hacker attacks:

    1- Scanning for already known vulnerabilities in the system

    2- Checking Web application holes

    3- Testing the network for potential weak links and entry points.

    Malicious code or malware include the following:

    6-1 Security tools and toolkits

    Software to detect cyber attacks has been developed as cyber threats have evolved. Sophisticated anti-spyware and anti-virus solutions capable of detecting very complex viruses have been developed as security tools and are easily available over the internet. These programs automatically scan for computer security weaknesses and quickly probe a computer or an entire network for hundreds of weaknesses. However, some of these tools may be used by attackers. Moreover, there are some readily available programs on the internet whose only function is to attack computers. Computer users should be cautious of potential vulnerabilities in their computer system due to the availability of potentially malicious security tools and high-quality attackware.

    6-2 Back doors or trap doors

    Back doors are code written into applications or operating systems to grant programmers access to programs without requiring them to go through the normal methods of access authentication. They become threats when they are used to gain unauthorized access into a computer system.

    6-3 Logic bombs

    Logic bombs are programmed threats which are dormant for some time before they are triggered. Once triggered, they perform a function not intended for the program in which they are embedded. One may protect his computer against malicious logic bombs by not installing software without thoroughly testing it, and by keeping regular backups of his important work.

    6-4 Viruses

    A computer virus is a sequence of code inserted into other executable code such that the viral code is executed when the program is run. The virus copies itself into other programs. Viruses need to have a host program to enable them to be activated when run.

    6-5 Worms

    Worms are programs that can run independently. They travel from one computer to another through network connections. Worms do not change other programs. However, they may carry viruses. An example is the installation of keystroke logging Trojans using a virus or a worm.

    6-6 Trojans and RATs

    Trojan horses are programs that appear to be doing what the user wants while they are actually doing something else such as deleting files or formatting disks. All the user sees is the interface of the program that he wants to run. RATs are remote access Trojans that provide a backdoor into the system through which a hacker can snoop into your system and run malicious code. Hackers can even use these hijacked systems to launch attacks against others. By having thousands of computers accessing the same site at the same moment, the site servers may be overburdened and no longer be able to process requests. These attacks are referred to as Distributed Denial of Service, or DDoS attacks.

    6-7 Bacteria or rabbit programs

    Bacteria or rabbits are programs that are meant to replicate themselves. Thus they reproduce themselves exponentially and take up all the processor capacity, memory, or disk space.

    3 Cyber warfare

    Cyber warfare includes cyber espionage, web vandalism, political propaganda, distributed denial of service, equipment disruption, cyber attack on critical infrastructures such as power, water, fuel, communications, etc. and compromised counterfeit hardware with malicious software, firmware or even malicious microprocessors. Cyberwar is another instance of cyber crime committed by one country against another. The recent cyber attacks in the Middle East and particularly Estonia as a result of which the country was almost brought to a standstill were presented by (Jenik, 2009). Estonia was subject to cyber attacks in April 2007 in the form of distributed denial of service when the newly appointed government initiated plans to relocate the Bronze Soldier of Tallinn. Estonian authorities accused the Kremlin of direct involvement in the cyber attacks. IT security specialists worldwide were called in for help and an ad-hoc digital rescue team was formed. After a few days, frontline defenses were set up which mainly involved implementing BCP 38 network ingress filtering techniques across affected routers to prevent source address spoofing of internet traffic. In the days it took to fight off the attack, Estonia lost billions of Euros in reduced productivity and business downtime.
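The BCP 38 ingress filtering named in the list of DDoS defenses earlier and in the Estonia response above comes down to one per-packet rule at the network edge, sketched here. This is an added example, not code from the paper; the interface names and prefixes are constructed from documentation address ranges, and production networks apply the rule in router ACLs or unicast reverse-path forwarding rather than in Python.

```python
import ipaddress

# Constructed edge configuration (assumption): customer-facing interface ->
# prefixes delegated to that customer. Addresses are documentation ranges.
ASSIGNED_PREFIXES = {
    "cust-a": ["192.0.2.0/25", "2001:db8:a::/48"],
    "cust-b": ["198.51.100.0/24"],
}


def build_filters(assigned):
    """Parse the prefix strings once so per-packet checks are cheap."""
    return {
        ifname: [ipaddress.ip_network(p) for p in prefixes]
        for ifname, prefixes in assigned.items()
    }


def permit(filters, ifname, src):
    """BCP 38 rule: forward only if src lies inside a prefix assigned to ifname."""
    nets = filters.get(ifname)
    if nets is None:
        return False              # unknown interface: fail closed
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False              # malformed source address
    return any(addr.version == n.version and addr in n for n in nets)


def ingress_filter(filters, packets):
    """Split (ifname, src) pairs into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for ifname, src in packets:
        target = forwarded if permit(filters, ifname, src) else dropped
        target.append((ifname, src))
    return forwarded, dropped


# Constructed sample traffic: (arrival interface, claimed source address).
SAMPLE_PACKETS = [
    ("cust-a", "192.0.2.17"),        # legitimate
    ("cust-a", "203.0.113.9"),       # forged: not cust-a's address space
    ("cust-a", "198.51.100.4"),      # forged: belongs to cust-b
    ("cust-b", "198.51.100.4"),      # legitimate on its own interface
    ("cust-a", "2001:db8:a:1::5"),   # legitimate IPv6
    ("cust-a", "192.0.2.200"),       # outside the /25 actually assigned
]

if __name__ == "__main__":
    fwd, drop = ingress_filter(build_filters(ASSIGNED_PREFIXES), SAMPLE_PACKETS)
    print("forwarded:", fwd)
    print("dropped:  ", drop)
```

The same source address is forwarded on one interface and dropped on another, which is why the filter has to sit where the provider still knows which customer a packet came from.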

    The threat of cyber attacks against the government is so high that the British are setting up a new multi-agency office of U.K. Cyber Security Operations Center. With the recent DDoS attacks that began on July 4, 2009 and knocked out the web sites of several government agencies in the United States including some in charge of fighting cyber crime, implementation of more strict security measures is badly needed. Even the web sites of some major government agencies, banks and newspapers in South Korea were paralyzed under the recent cyber attacks.

    4 Legislation against cyber crime

    The main question to be addressed regarding legislation against cyber crime is whether or not existing penal laws are adequate to deal with cyber criminals. Existing legislation regarding cyber crimes is different in various parts of the world. Some of them are sufficient to deal with some forms of cyber crime while they may not be able to properly deal with other forms of cyber crime. New laws and technology are needed to effectively combat cyber crimes. Existing legal framework for fighting cyber crimes is insufficient in many countries including China that has the most number of internet users in the world. (Qi et al., 2009) reported that internet related regulations put forth so far tend to be reactive. They presented an overview of cyber crime legislation in China by starting from the history of computer and network development, cyber crime development and corresponding legislation development in China.

    Depending on the type of crime, the various existing legislation may or may not be sufficient. For example, credit card frauds are sufficiently covered by existing legislation since the fraudulent transaction is still considered fraudulent even though it is done online instead of on paper. However, some other forms of cyber crime such as hacking or denial of service attacks are not sufficiently covered by the law. There are also problems related to presenting proof of such crimes. Some legislation has attempted to restrict activities which may lead to cyber crimes. For example, the Australian Spam Act of 2003 prohibits sending commercial e-mails to recipients without their consent by requiring that the e-mails contain precise information about the sender, and practical ways for the receivers to unsubscribe. Likewise, the U.S. Fraud and Abuse Act (CFAA) prohibits unauthorized access to computer networks that causes damage in a 1-year period of $5000 or more, transmission of viruses and any other destructive codes. The Council of Europe Convention on Cyber crime has also required all member and other signatory states to adopt legislation to establish accessing a computer system without right, intercepting non-public transmissions without right, damaging of computer data without right, serious hindering of computer functioning without right, etc. as criminal offenses. The Interpol has also been active in combating cyber crimes by establishing regional working parties on IT crimes to facilitate the development of strategies, technologies, and information on the latest IT crime methods. Interpol uses its global police communications system to fight cyber crimes with the active participation of all member countries.

    The Computer Fraud and Abuse Act (1984) deals with a compelling federal interest, where computers of the federal government or certain financial institutions are involved, the crime itself is interstate in nature, or computers are used in interstate and foreign commerce. The CFAA was amended in 1986, 1994, 1996, in 2001 by the USA Patriot Act and by the Identity Theft Enforcement and Restitution Act in 2008. The Computer Fraud and Abuse Act (CFAA) does not treat authorized persons and company insiders' negligence and damage the same as outsiders. The non-authorized hackers are held liable for any damages done while insiders are only held liable for intentional damages. Another important point needed in legislation against cyber crimes is provisions for broad jurisdiction. For example, the Virginia Computer Crime Act defines using a computer or network within the State of Virginia as conferring jurisdiction in Virginia giving that state broad authority since the bulk of U.S. internet goes through Virginia (Blakeley, 2008).

    The intention behind the Cybercrime Act, 2001 of Australia was to criminalize activities such as computer hacking, denial of service attacks, spreading computer viruses and interfering with websites. The Act has established the following acts as offenses:

    (a) Unauthorized access to or modification of data stored in a computer with intent to commit a serious offence

    (b) Unauthorized impairment of electronic communication to or from a computer with intent to commit a serious offence

    (c) Unauthorized modification of data to cause impairment

    (d) Unauthorized impairment of an electronic communication

    (e) Unauthorized access to, or modification of restricted data, where the restricted data is either held for or on behalf of the Commonwealth or the access to or modification of it is caused by means of a telecommunications service

    (f) Unauthorized impairment of data held on a computer disk, etc.

    (g) Possession or control of data with intent to commit a computer offence

    (h) Producing, supplying or obtaining data with intent to commit a computer offence.

    India's Information Technology Act, 2000 allows punishment for cyber crimes such as hacking, damaging source code, electronic publication of obscene material, breach of confidentiality and privacy, and publication of false digital signatures. However, this law was not adequate to combat all present forms of cyber crimes and was primarily intended to foster e-commerce. The Information Technology (Amendment) Bill, 2008 was drafted in order to overcome the shortcomings of that Act regarding threats which have come up due to the development of new technologies. It says that dishonestly receiving stolen computer resource, identity theft, cheating by impersonation by using computer resource and violation of privacy will result in imprisonment up to three years apart from a monetary fine. Transmitting or receiving material containing sexually explicit acts in electronic form would be punishable by imprisonment of up to five years along with a monetary fine. It even enables any government agency to interrupt, monitor or decrypt any information generated, transmitted, received or stored in any computer. It also stipulates life imprisonment for those indulging in cyber terrorism and empowers the government to intercept or monitor any information through any computer resource in any investigation and block websites in national interest.

    Iran has recently passed a cyber crime act that is effective since July 2009. The act consists of fines and penalties for violation of data security, data integrity, and fraudulent data manipulation in computer and communication systems; storage, production or distribution of sexually explicit content, violation of privacy or distribution of individual or family related private content; distribution of false accusations; the unauthorized sale or distribution of user id and passwords; and distribution or sale of data, software or hardware meant for committing cyber crimes. It also forces internet service providers to restrict the users' access to sexually explicit content, and to inform the authorities regarding the existence of any such materials in the facilities to which they provide internet service. ISP providers also have to store data up until three months after a subscription expires, and provide user IP's to authorities. The act empowers the authorities to seize media containing data and/or computer related equipment or facilities and computer systems. Moreover, the act empowers the authorities to tap internet data that may be considered as a threat against national security or an infringement on some individual's rights.

    The recent attacks have led to the proposal of a bill in the United States that would empower the U.S. president to order the disconnection of any Federal government or U.S. critical infrastructure information system or network for national security.

    5 Internet security

    The World Wide Web is constructed from programs called Web servers that make information available on the network. Web browsers can be used to access the information that is stored in the servers and to display it on the user's screen. Another use of the Web involves putting programs created with a protocol called the Common Gateway Interface (CGI) behind Web pages, such as a counter which increments every time a user looks at that page or a guest book to let users sign in to a site. Many companies use the WWW for electronic commerce. The World Wide Web poses profound security challenges such as

    1- Possible unauthorized access to other files in the computer system by taking advantage of bugs in the Web server or CGI scripts.

    2- Unauthorized distribution of confidential information on the Web server.

    3- Interception of transmission of confidential information between the Web server and the browser.

    4- Access to confidential information on the Web client.

    5- Potential threat due to vulnerabilities of specially licensed software meant to combat internet security issues.

    As more corporate computer systems become connected to the internet and more transactions take place between computer systems, the identification and prevention of cyber misuse becomes increasingly critical. (Owens and Levary, 2006) presented an adaptive expert system for intrusion detection that uses fuzzy sets with the ability to adapt to the type and/or degree of threat.

    There is a need for a more intuitive, automated systems-level approach to determining the overall security characteristics of a large network. Given the complex nature of security tools and their general lack of interoperability, it is difficult for system designers to make definitive statements about the nature of their network defense. (Rasche et al., 2007) presented an approach for automatically verifying the correctness of cyber security applications through formal analysis guided by hierarchical models of the network, its applications, and potential attacks. They focused on creating an environment in which security experts can model the security aspects of complex networks using a graphical notation that is intuitive and natural for them, and automatically perform security activities such as formally verifying the safety of the network against known threats and exploring the network design for potential vulnerabilities.

    (Ruili et al., 2008) proposed an expert system based malware detection that integrates signature-based analysis and anomaly-detection using the CLIPS expert system development tool. They introduced anomaly-based detection into the malware detection process in order to overcome the inability of signature-based detection methods to detect zero-day attacks and malware which adopt circumvention techniques to evade detection.

    The importance of the threat of cyber crime as an expanding, global industry, operating in a major shadow economy that closely mimics the real business world, was presented by (Ben-Itzhak, 2009) who stressed that the impact of cyber crime on payment cards is being felt by firms holding customer's credit and debit card details.

    Other criminals use Web sites to spread malware in order to steal personal data or take over users' computers into a botnet. A botnet refers to a collection of software robots that can be used to send spam or mount cyber-attacks against Web sites and other Internet services. Spam leads users to online scams and phishing Web pages. Phishing is the fraudulent attempt to acquire people's information like login username, passwords, and other financial information by disguising themselves as a trustworthy entity in an electronic communication. Phishers have been targeting bank customers and online payment services. Phishers try to determine which banks potential victims use. Social network sites have also been targeted by phishers since they contain personal details that can be used in identity theft. Most phishers use link manipulation to make a link in an e-mail appear as though it belongs to the spoofed organization. Common tricks used include misspelled URLs, mirrored web sites or the use of subdomains. (Aaron et al., 2008) presented a panel discussion to respond to Internet threats and abuses with which Web site operators, Internet users, and online service providers are facing.

    (Ryu and Na, 2008) presented guidelines and definition of technology to track and locate the source of attacking programs and present the prerequisite factors for networking considering tracking technologies for counter-cyber attacks to program developers including security companies. They also presented trace back scenarios under various networking domain environment allowable for cyber attacks and described the required factors for tracing the attacking origins as well as other general things viewed from program requesters.

    (Downs et al., 2009) studied Chicago residents' knowledge about Internet security and their utilization of prevention and detection tools. Using hierarchical linear models, they conclude that there are significant gender, race, age, and community differences in knowledge about firewalls, spyware, phishing and data encryption and the utilization of tools such as anti-virus programs, pop-up blockers and parental control software. They hoped their findings could be used by experts to identify those people that may be more susceptible to cyber victimization.

    There is a growing trend of developing automatic vulnerability analysis tools that utilize the model of network configurations and vulnerabilities. With this tool, network administrators can analyze the effects of vulnerabilities on the network and detect complex attack scenarios before they actually happen. (Shahriari et al., 2008) presented a general logic-based framework for modeling network configurations and topologies, modeled several important and wide-spread network vulnerabilities as general inference rules and implemented the approach using an expert system to analyze network configurations and detect how an attacker may exploit chain of vulnerabilities to reach his goal. Their model can simulate major parts of Denial of Service attacks.

    Common recommendations for cyber safety are as follows:

    1- Use of antivirus software on the system

    2- Use of firewall on the system

    3- Frequent change of passwords

    4- Frequent scanning against spyware

    5- Maintaining backup of your important work

    6- Installing system software patches

    7- Removal of unnecessary software

    However, common security methods are outdated with the advent of new methods by cyber criminals who take the initiative to set the strategy of attacks. (Amit, 2009) noted that cyber crimes are not random and follow world events and seasonal trends. He suggested adopting an anticipatory security strategy to help close vulnerabilities.

    6 Intrusion detection systems

    Intrusion detection was first studied by analysis of computer system audit data. Intrusion detection systems (IDS) are software and/or hardware solutions meant to detect unwanted attempts at accessing, manipulating or disabling computer systems through networks. An IDS consists of several components including sensors to generate security events, a console to control the sensors and monitor events and alerts. It also includes a central engine to record sensed events in a database. The IDS uses a system of rules to generate alerts from security events received.

    It is very likely that an intruder who breaks into a computer system may behave much differently from a legitimate user. (Lunt et al., 1990) designed and developed a real-time intrusion-detection expert system (IDES) that observes user behavior on one or more monitored computer systems and flags suspicious events. It monitors the activities of individual users, groups, remote hosts and entire systems to detect suspected security violations. The main feature of IDES is that it adaptively learns users' behavior patterns over time and detects any deviation from this behavior. Their next step was the development of NIDES that performs real-time monitoring of user activity on multiple target systems connected via Ethernet to analyze audit data collected from various interconnected systems and search for unusual and/or malicious user behavior. Their previous efforts have finalized into the EMERALD project representing research and development of systems and components for anomaly and misuse detection in computer systems and networks including:

    Scalable Network Surveillance

    High-volume Event Analysis

    Light-weight Distributed Sensors

    Generic Infrastructure and Pluggable Components

    Easy Customization to New Targets and Specific Policies
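The idea of adaptively learning a user's behavior and flagging deviations from it, described above for IDES, can be illustrated with a per-user statistical profile whose history is exponentially aged. This is an added, simplified example and not the IDES or NIDES algorithm; the measure (files read per day), the parameter values and the sample audit data are all constructed assumptions.

```python
import math


class AgedProfile:
    """Exponentially aged mean and variance of one measure for one subject."""

    def __init__(self, half_life=10, min_obs=10, threshold=4.0, min_std=2.0):
        self.alpha = 1.0 - 0.5 ** (1.0 / half_life)  # weight of the newest value
        self.min_obs = min_obs       # observations required before flagging starts
        self.threshold = threshold   # flag beyond this many standard deviations
        self.min_std = min_std       # floor so very steady users are not over-flagged
        self.n, self.mean, self.var = 0, 0.0, 0.0

    def score(self, x):
        """Distance of x from the learned mean, in standard deviations."""
        std = max(math.sqrt(self.var), self.min_std)
        return abs(x - self.mean) / std

    def observe(self, x):
        """Return True if x deviates from the profile; otherwise learn from it."""
        if self.n >= self.min_obs and self.score(x) > self.threshold:
            return True              # design choice: flagged values are not learned
        if self.n == 0:
            self.mean = float(x)
        else:
            delta = x - self.mean
            self.mean += self.alpha * delta
            self.var = (1.0 - self.alpha) * (self.var + self.alpha * delta * delta)
        self.n += 1
        return False


def detect(events, **params):
    """Feed (user, value) audit records through per-user profiles.

    Returns the records that deviate from that user's own history."""
    profiles, flagged = {}, []
    for user, value in events:
        if user not in profiles:
            profiles[user] = AgedProfile(**params)
        if profiles[user].observe(value):
            flagged.append((user, value))
    return flagged


# Constructed audit data: files read per day by an office user whose workload
# drifts upward slowly, then jumps, and by a backup account that always reads
# about 400 files.
ALICE = [20, 22, 19, 21, 20, 23, 18, 21, 22, 20, 21, 19, 23, 24, 25, 400, 22]
BACKUP = [400, 401, 399, 402, 398, 400, 401, 399, 400, 402, 398, 400, 400]
SAMPLE_EVENTS = [("alice", v) for v in ALICE] + [("svc-backup", v) for v in BACKUP]

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

The value 400 is flagged for one account and normal for the other, which is the point of keeping a profile per subject instead of one global threshold. Not learning from flagged values keeps a single burst from widening the profile, at the cost of needing an analyst to accept a genuine change in workload.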

    Popular intrusion detection systems include Snort as an open source IDS, OSSEC HIDS as an open source host based IDS, Fragroute as a network intrusion detection evasion toolkit, BASE as a basic analysis and security engine, and Sguil as the analyst console for network security monitoring.

    The most popular of these is Snort that is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. It can perform real-time traffic analysis and packet logging on IP networks. Snort can also perform protocol analysis and content searching/matching, detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and OS fingerprinting attempts. Snort uses a flexible rules language to describe traffic that it should collect or pass plus a detection engine that utilizes a modular plug-in architecture. OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. OSSEC runs on most operating systems. Fragroute has a simple ruleset language and it can delay, duplicate, drop, fragment, overlap, print, reorder, segment, source-route, or otherwise monkey with all outbound packets destined for a target host. It has minimal support for randomized behavior.

    Intrusion detection is an indispensable part of cyber security. (Bhatia et al., 2008) presented the integration of Host-based Intrusion Detection System (HIDS) with existing network based detection on Gen 3 Honeynet architecture involving the stealth mode operation of HIDS sensor, code organization to generate HIDS alerts, enhancement of the functionality of data fusion, and further visualization on Graphical Analysis Console.

    Cyber security professionals and the FBI estimate that the global hacker criminal economy is worth at least $10bn annually, causes $100bn in annual damage, and has up to 30 percent growth rate. (Gilman, 2009) reported that under these circumstances, millions of people are participating in a global hacker culture. There is an ever increasing growth of cyber attack tools. (Dwyer, 2009) reported that cyber attacks from the United States and China are on the rise. Online transactions are one of the main targets of cyber attacks since millions of dollars of transactions are done online every day (Rodrigues, 2009).

    Technological measures to combat cyber crimes include measures such as public key cryptography, digital signatures, firewalls and honeypots. On the other hand, cyber forensics is needed in order to identify, preserve, analyze and present digital evidence in a legally acceptable manner in the courts of law. Legislation and legal enforcement should also be improved to combat cyber crime.

    Critical infrastructures may also be subjected to cyber threats and should be safe-guarded. Such operations as communications, government and emergency operations, gas and oil supply and delivery operations, water and electricity supplies and transmission and distribution systems, transportation, banking and financial actions are all subject to cyber threats and should be security hardened. Competing schemes for security-hardening the power grid have different installation costs and coverage which they provide against cyber attacks. Since finding an optimal solution is an NP hard problem, (Anwar et al. 2009) presented a dynamic programming solution to the problem of maximizing overall network security under a fixed budget constraint and implemented it along with logic-based models of the power grid. The feasibility of the tool chain implementation was demonstrated by security hardening the IEEE power system 118-bus test case from a pool of five different best practice schemes.
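    The budget-constrained selection described above can be sketched as a multiple-choice knapsack solved by dynamic programming. This is an added illustration, not code from Anwar et al. or from this article; the site names, scheme names, integer costs and additive gain scores are constructed assumptions.

```python
# Added illustration: budget-constrained hardening as a multiple-choice knapsack.
# Site names, schemes, costs and gain scores are constructed sample values.
SITES = {
    "substation_A": [("firewall", 4, 40), ("firewall+ids", 7, 60)],
    "substation_B": [("firewall", 3, 25), ("firewall+ids", 6, 55)],
    "control_center": [("patching", 2, 20), ("patching+mfa", 5, 45)],
}


def harden(sites, budget):
    """Choose at most one scheme per site, total cost <= budget, maximal gain.

    sites maps a site name to [(scheme, integer_cost, gain), ...].
    Returns (best_total_gain, {site: chosen_scheme}).
    """
    if budget < 0:
        raise ValueError("budget must be non-negative")
    names = list(sites)
    # best[i][b]: highest gain reachable with the first i sites and budget b.
    best = [[0] * (budget + 1) for _ in range(len(names) + 1)]
    # pick[i][b]: (scheme, cost) bought for site i in that optimum, or None.
    pick = [[None] * (budget + 1) for _ in range(len(names) + 1)]
    for i, site in enumerate(names, start=1):
        for b in range(budget + 1):
            best[i][b] = best[i - 1][b]  # default: leave this site as it is
            for scheme, cost, gain in sites[site]:
                if cost <= 0:
                    raise ValueError("costs must be positive integers")
                if cost <= b and best[i - 1][b - cost] + gain > best[i][b]:
                    best[i][b] = best[i - 1][b - cost] + gain
                    pick[i][b] = (scheme, cost)
    # Walk the table backwards to recover which scheme each site received.
    plan, b = {}, budget
    for i in range(len(names), 0, -1):
        if pick[i][b] is not None:
            scheme, cost = pick[i][b]
            plan[names[i - 1]] = scheme
            b -= cost
    return best[len(names)][budget], plan


if __name__ == "__main__":
    gain, plan = harden(SITES, budget=12)
    print(gain, plan)
```

    The table has one cell per site and budget unit, so the running time grows with the budget value itself, which is why the approach is practical only when costs are expressed in reasonably coarse integer units.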

    7 Cyber security standards

    There is a growing need for information assurance and security since sensitive information is often stored in computers that are attached to the internet. In addition to critical infrastructures, personal identity, important fiscal information, trade secrets, proprietary information and customers' information must also be safeguarded against possible cyber attacks. Cyber security standards are developed to provide security techniques in order to minimize the number of successful cyber attacks and provide guidelines for implementation of cyber security.

    The British Standards Institute published BS 7799 in 1995. This standard was revised several times and was finally adopted as ISO/IEC 17799 - "Information Technology - Code of practice for information security management" - in 2000. It was later revised and named ISO/IEC 27002 in 2007. The second part of BS7799 known as BS 7799 Part 2 titled "Information Security Management Systems - Specification with guidance for use" focused on how to implement an Information security management system referring to the information security management structure and controls identified in BS 7799-2. BS7799 Part 3 was published in 2005, covering risk analysis and management.

    8 Network forensics

    Digital and network forensics deals with discovering and retrieval of information about computer or cyber crimes to provide court-admissible digital evidence. The problem in network forensics is the huge network traffic that might crash the system if the traffic capture system is left unattended. Kim et al. (2004) proposed a fuzzy logic based expert system for network forensics to analyze computer crimes in networked environments and automatically provide digital evidence. The proposed system can provide analyzed information for forensic experts to reduce the time and cost of forensic analysis.

    Reliability and scalability of real-time processing is a major need on any intrusion detection system. In addition to the reinforcement of security policies, development and use of antispam, antivirus software, firewalls as means to combat cyber crimes, there is a serious need for the development and implementation of reliable and scalable hardware data security controllers. (Peiravi and Rahimzadeh, 2009) proposed a scalable high performance content processor for storage disks to be installed in any host using a new architecture based on Bloomier filters as an interface between the hard disk and the system bus plus a novel and powerful exact string matching architecture to search for several thousand strings at very high rates.

    9 Conclusions

    The paradox between internet security and cyber crime is due to the fact that both the researchers in the area of internet security and the cyber criminals have access to and benefit from technological advances. As some progress is made in the area of internet security, cyber criminals make other advances and find newer ways to pose new cyber threats. Even in some cases, they hide behind cyber security tools and seem to the internet user to be there to assist them, while indeed they have their own malicious intentions. International cooperation and legislation to combat cyber crimes plays a vital role in hindering criminal intentions. However, more work needs to be done to reinforce internet security through the development of reliable and scalable hardware/software security tools, as well as educating the public internet users as to ways to best protect themselves.

    Acknowledgement

    I would like to thank the Office of Vice Chancellor of Research and Technology of Ferdowsi University of Mashhad for the Grant No. 4270 (1388/4/28) Project to support the study that has resulted in the preparation of this manuscript.

    References

    [1] Aaron, G., Bostik, K. A., Chung, E., Rusmussen, R., (2008), "Protecting the web: Phishing, malware, and other security threats", Proceeding of the 17th International Conference on World Wide Web 2008, WWW'08, pp. 1253-1254.

    [2] Amit, I. I., (2009), "The attack almanac", Engineering and Technology, 4 (1), pp. 68-69.

    [3] Anwar, Z., Montanari, M., Gutierrez, A., Campbell, R. H., (2009), "Budget constrained optimal security hardening of control networks for critical cyber-infrastructures", International Journal of Critical Infrastructure Protection 2 (12), pp. 13-25.

    [4] Ben-Itzhak, Y., (2009), "Organised cybercrime and payment cards", Card Technology Today 2009 (2), pp. 10-11.

    [5] Bhatia, J. S., Sehgal, R., Bhushan, B., Kaur, H., (2008), "Multi layer cyber attack detection through honeynet", Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008.

    [6] Blakeley, C. J., (2008), "Cybercrime law: international best practices", Doha Information Security Conference, Doha, Qatar, June 10-11, 2008.

    [7] Downs, D. M., Ademaj, I., Schuck, A. M., (2009), "Internet security: who is leaving the 'virtual door' open and why?", First Monday, Vol. 14, No. 1-5.

    [8] Dwyer, D., (2009), "Chinese cyber-attack tools continue to evolve", Network Security 2009 (4), pp. 9-11.

    [9] Gilman, N., (2009), "Hacking goes pro:", Engineering and Technology, 4 (3), pp. 26-29.

    [10] Jenik, A., (2009), "Cyberwar in Estonia and the Middle East", Network Security, 2009 (4), pp. 4-6.

    [11] Kim, J., Kim, D., Noh, B., (2004), "A fuzzy logic based expert system as a network forensics", Proceedings of the 2004 IEEE International Conference on Fuzzy Systems, Vol. 2, 25-29 July 2004, pp. 879-884.

    [12] Lunt, T. F., Tamaru, A., Gilham, F., Jagannathan, R., Neumann, P. G., Jalili, C., (1990), "IDES: A progress report", Proc. of the Sixth Annual Computer Security Applications Conference.

    [13] Owens, S. F., Levary, R. R., (2006), "An adaptive expert system approach for intrusion detection", International Journal of Security and Networks, Volume 1, Issue 3/4, pp. 206-217.

    [14] Peiravi, A., Rahimzadeh, M. J., (2009), "A novel scalable and storage-efficient architecture for high speed exact string matching", accepted for publication in ETRI Journal.

    [15] Qi, M., Wang, Y., Xu, R., (2009), "Fighting cybercrime: Legislation in China", International Journal of Electronic Security and Digital Forensics 2 (2), pp. 219-227.

    [16] Rasche, G., Allwein, E., Moore, M., Abbott, B., (2007), "Model-based cyber security", Proceedings of the International Symposium and Workshop on Engineering of Computer Based Systems, pp. 405-412.

    [17] Rodrigues, B., (2009), "The cyber-crime threat to online transactions", Network Security, 2009 (5), pp. 7-8.

    [18] Ruili, Z., Jianfeng, P., Xiaobin, T., Hongsheng, X., (2008), "Application of CLIPS expert system to malware detection systems", Proceedings of the International Conference on Computational Intelligence and Security, pp. 309-314.

    [19] Ryu, J., Na, J., (2008), "Security requirement for cyber attack traceback", Fourth International Conference on Networked Computing and Advanced Information Management, 2008. NCM'08. Volume 2, 2-4 Sept. 2008, pp. 653-658.

    [20] Shahriari, H. R., Ganjisaffar, Y., Jalili, R., Habibi, J., (2008), "Topological analysis of multi-phase attacks using expert systems", Journal of Information Science and Engineering 24 (3), pp. 743-767.

    [21] Sinrod, E. J., Reilly, W. P., (2000), "Cyber crimes: a practical approach to the application of federal computer crime laws", Santa Clara Computer & High Technology Law.

    My summary :

    The paradox between internet security and cyber crime is due to the fact that both the researchers in the area of internet security and the cyber criminals have access to and benefit from technological advances. As some progress is made in the area of internet security, cyber criminals make other advances and find newer ways to pose new cyber threats. Even in some cases, they hide behind cyber security tools and seem to the internet user to be there to assist them, while indeed they have their own malicious intentions. International cooperation and legislation to combat cyber crimes plays a vital role in hindering criminal intentions. However, more work needs to be done to reinforce internet security through the development of reliable and scalable hardware/software security tools, as well as educating the public internet users as to ways to best protect themselves.

    Any sophisticated technology if it is not accompanied by the ethics of usage will result in the abuse that can harm others. Even though the height of sophistication of any statute or law to regulate violations do not occur, if people want there must be a gap that can be used. Everything is back on the ethics of each individual.

    As a user of the technology should not be too kind thought, beware of evil, do not give chance to others to do evil, remember "not only because there are evil intentions but because there is a chance the culprit." Beware...beware!

    Cyber Crime in the global community of Internet users is a matter that can be consciously or unconsciously, intentionally or unintentionally done. This happens because the technological development of information and level of intellect / intelligence community is increasing. Internet itself is also a factor causing the virtual grapevine grapevine-internet users to go on and keep looking and trying.

    Computer abuse both as subject, object, tool or as a symbol would have become a scourge of its own for traffic safety association between internet service users. Among the various forms of cyber crime the most disturbing is the manipulation of the computer as part of computer-related economic crimes, and to copy and sell copies of unauthorized computer software.

    Ultimately what is needed is an increase in cyber security factors that can come from service providers and information, and above all must come from the readiness of the law and its enforcement.