SOME PROMINENT CASES IN CYBER CRIME/FACEBOOK CRIME

His cyber name was ‘penetrator’ and he lived up to it. In July 2010, he hacked President Asif Ali Zardari’s website, pasted the president’s head on the body of a dancing girl, and inserted dirty jokes on the web page.

Given the nature of this crime, the Federal Investigation Agency (FIA) was soon on its toes. The matter gained greater urgency because the incident occurred during a cyber war between Indian and Pakistani hackers. Two days later, the hacker was arrested. He maintained his act was ‘innocent’, and he did it just ‘for fun’. The hacker was found at a mobile phone shop in the Pindigheb area in northern Punjab, and it was reported that he was traced through his PTCL broadband connection and email id.

In 2009, there was a case where Rehman Malik’s website was hacked. The hackers left a message, “we don’t need such ministers”, with their names underneath. They also left a message saying “Pakistan Zindabad”. The move came after the former interior minister had launched a website, Facebook page, a Youtube channel, My Space and Friendster accounts, along with a fortnightly presence to chat with the public.

On September 27, 2011, the Supreme Court website was hacked. The hacker left an ideological message to the Chief Justice Iftikhar Chaudhry. “I am here to request you to go out and help the poor, needy and hungry. They don’t have money to eat one-time meal, they don’t have clothes to wear, and they don’t have accommodation … sitting in your royal chair won’t make any changes to our Pakistan,” the message read. They also demanded the Supreme Court to take a suo moto notice against the Pakistan Telecommunication Authority and ban pornographic websites.

In 2010, two young boys from Kohat had hacked the Supreme Court website and left derogatory remarks against the judiciary and chief justice. They were caught but let go because they were under 18 years of age.

“Cases where politician’s website are involved are quiet common. There are others where fake profiles and ids are used. An impostor poses as someone and uses the account to defame an individual,” explained an official at the FIA.

With the advent of social media, family feuds often take to the virtual world. In one such incident, a famous industrialist Fazal Dadabhoy, launched a complaint with the FIA over a Facebook user who used a picture from a lady in his family to defame her. After a detailed investigation and technical assistance, the culprit was traced to a location in the Defence Housing Authority. It turned out he was a habitual cyber criminal who at that time was using at least three Facebook ids to defame women of well reputed families. A raid was conducted but the culprit had disappeared along with his family leaving behind a laptop and a mobile phone.

Yet another incident involved an employee of the Karachi Water and Sewage Board who was blackmailing its managing director by sending him threatening emails. The culprit was a chief engineer at the KWSB and he was released on a bail of Rs 20,000 by the sessions court.

In one of the cases, a school in Islamabad was targeted, where the criminal targeted Facebook ids of female students. He would make fake profiles, mention their personal mobile numbers and tag them as ‘call girls’. The culprit was traced to a travel agency, after the FIA obtained Basic Subscriber Information (BSI) from Facebook, and then traced the Internet Protocol (IP address).

CURBING CYBER CRIME

FEATURE
CURBING CYBER-CRIME

Recently, the FIA cyber-crime circle has successfully kicked off on operation to expose elements involved in creating fake accounts to blackmail people on the net. However, the lack of clear laws is hampering their progress. Kolachi investigates.

Every new innovation brings with it great advantages but also some disadvantages.  With countries becoming more and more connected and the emergence of a new cyber world, many important transactions, both business and private, are now carried out online. As a result, the rate of cyber crimes has also risen rapidly over the years.

This global phenomenon now applies to Pakistan too. According to an estimate, there are more than 20 million Internet users in Pakistan. Since Karachi is the country’s largest and most advanced metropolis, its share of people online is huge, going into the millions. This vast network creates strong threats and vulnerabilities and encourages cyber-crimes. In our country, where cyber crimes laws are unclear it requires awareness at all levels to combat the menace.

In 2011, there were 200 cases of cyber-crimes reported, including the hacking of websites, tracing of emails and frauds through the Internet and mobile phones. This included 68 incidents reported of women being harassed online. Cases were registered against persons who were allegedly involved in hacking the email accounts of women, using their personal details and pictures on social networking sites, sending them abusive, obnoxious and obscene emails.

The most common complaints received from women by the National Response Centre for Cyber Crimes (NR3C) involved the hacking of their emails and creating fake profiles of them. Mostly young people are involved in these sorts of cyber-crimes and cyber bullying. Experts believe that many young men are driven to such crimes out of frustration, without realising the traumatic consequences what the victim and her family will face socially and personally.

Earlier this year, the FIA cyber-crime circle in Karachi successfully kicked off a successful operation to unearth some unscrupulous elements that were involved in creating fake Facebook accounts and placing photos of women online to blackmail them.

In most cases, the girls who become the victim leave themselves at the mercy of the criminals as they fear telling their parents about it. Due to the lack of cyber-crime legislation, such harassment, cyber-bullying and online stalking has grown over the years. Without being unaware of the dangers, many girls and young women upload their pictures on social websites without proper privacy settings, and only realise their mistake later when they fall victim to unscrupulous criminals.

In our society, the honour of the family has traditionally been intricately tied around women; if a woman is attacked, the entire family’s honour is attacked. The easiest way to harass women in this kind of traditional culture is to threaten them and ‘dishonour’ them by spreading their pictures online Despite the massive rise in the number of people going online in Pakistan, Internet users are still unaware of fighting back through legal means when they find themselves under cyber-attack.

Keeping in mind such concerns, a department was created to solve the problems regarding computer and technological crimes. The Federal Investigation Agency NR3C, which is equipped with technical investigators, legal advisors, computer forensic experts and computer forensic labs, is here to help the citizens with their issues regarding cyber-crime.

NR3C is working under the Electronic Transaction Ordinance (ETO) 2002, a first of its kind IT-relevant legislation designed by policy-makers. Originally it was meant for the violation of privacy of information and damage to information systems but now it is used for all kinds of crimes related to cyber space.

An official at the FIA cyber-crime cell, on the condition of anonymity, however points out some of the inadequacies of the law:  “The ETO law we have is not sufficient to deal with cyber crimes”. The success rate, he believes, was better with Prevention of Electronic Crime Ordinance (PECO) which was introduced in 2007 ‘as it empowered us’. The ordinance dealt with almost every type of cyber activity for e.g. electronic crimes, including cyber terrorism, data damage, electronic fraud, and electronic forgery, un-authorized access to code, cyber stalking and cyber spamming While talking about the nature of cases that are registered at the cell, he said that hacking email address, hacking and illegal access of websites, misuse of information on the Internet, threatening and abusive messages and emails, bank credit card frauds, fraud through mobile messages regarding the winning of prize money or vehicle, mobile phone threatening through SMS and calls as well as stealing social accounts and then using them for blackmailing purpose are mostly reported.

The cyber criminals are mainly involved in committing frauds, stealing identities, violating privacy and blackmailing people and till now more than 50 cases have been registered at the Cyber Crime Cell Karachi and the investigation in every case has almost reached maturity, the official asserted.

When asked how in a city of millions of users, there are only a handful of  complaints lodged, the official said the unwillingness of cyber-crime victims to report their cases is one of the major hurdles in the way of investigations and action against hackers and criminals. Secondly, the complains lodge against blackmailing and harassing are mainly from women and due to societal taboos most women fear registering cases and most crimes go unpunished.

Most of the cyber crime victims do not report incidents of Internet crime to investigators due to several reasons including fear of loss of face. Three female university students who recently became victims of cyber-crime only reported the incident to their families, leaving the criminals free to harass them.

Faiza*, Shagufta* and Ayesha* went to a restaurant for lunch with friends and took some pictures. After coming back home, when Faiza and Shagufta asked for the pictures Ayesha emailed them to her friends but unfortunately the same day Faiza’s email was hacked. She made a new account as she thought there was nothing serious about the hacking. But the hacker had other ideas in mind.

After a few months, Ayesha and Shagufta got a message from the same hacked email of Faiza asking them for favours and blackmailing them, with a warning that if they did not meet his demands, their pictures will be uploaded on social websites. Since there was nothing obscene in them and after they discussed the matter with their families, they were asked not to reply and let the hacker do what he wanted.

Shehzad Ahmed, Country Coordinator Bytes for All, an NGO working to safeguard digital security, online safety and privacy, said: “Currently, we have no cyber law to curb cyber-criminal activities. Since women are mostly the target of cyber bullies and cyber criminals, their personal and social lives are at risk, as their accounts are hacked and then their pictures are uploaded on their Internet which creates problems for them”.

He said, “A law should be made to ensure individual privacy and protection, especially for women. Secondly, awareness should be spread on a massive scale so that every user should know their rights if any mishap happens to them”.

“People involved in immoral activities like blackmailing and harassing women on the Internet are sometimes deeply frustrated and driven to commit these crimes”. Dr. Saleem Ahmed, a consultant psychiatrist, said, “Awareness is the only way to educate these sorts of people. Surely, they too must have mothers, sisters and daughters and education and counseling might temper their frustration”.

* Names have been changed to maintain privacy

CYBER-CRIME LAWS AND THEIR INEVITABLE WEAK BITES

A comprehensive article that touches on cyber-crime laws, the limits to overcoming cyber-crime and the opportunity in the collective security of the human race.

With the advent of the computer age, legislatures have been struggling to redefine the law to fit crimes perpetuated by computer criminals. This crime is amongst the newest and most constantly evolving areas of the law in many jurisdictions. The rise of technology and online communication has not only produced a dramatic increase in the incidence of criminal activity, it has also resulted in the emergence of what appears to be some new varieties of criminal activity. Both the increase in the incidence of criminal activity and the possible emergence of new varieties of criminal activity pose challenges for legal systems, as well as for law enforcement.

The news said that another person had their identity stolen. It happened again. You might even know of someone that had it happen to them. We often hear of percentages - and they are surprisingly high. Enforcement is taking place, but we have to wonder if computer crime laws are really having any effect against cyber crime.

Defining Cyber Crime.

Computer crime refers to any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Net-crime refers to criminal exploitation of the Internet. Cyber-crimes are defined as: "Offenses that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm to the victim directly or indirectly, using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)"

Hacking has a rather simple definition to it. Basically it is defined as the unauthorized use of a computer - especially when it involves attempting to circumvent the security measures of that computer, or of a network. 

Beyond this, there are two basic types of hacking. Some only hack because they want to see if they can do it - it is a challenge to them. For others, however, it becomes an attack, and they use their unauthorized access for destructive purposes. Hacking occurs at all levels and at all times - by someone, for some reason. It may be a teen doing it to gain peer recognition, or, a thief, a corporate spy, or one nation against another. 

Effectiveness of Computer Hacking Laws.

Like any other law, the effectiveness must be determined by its deterrence. While there will always be those that want to see if they can do it, and get away with it (any crime), there are always the many more who may not do something if they are aware of its unlawfulness - and possible imprisonment. 

In the early 1990's, when hacker efforts stopped AT&T communications altogether, the U.S. Government launched its program to go after the hackers. This was further stepped up when government reports (by the GAO) indicate that there have been more than 250,000 attempts to hack into the Defense Department computers. First there were the laws - now came the bite behind it. One of the effects of computer hacking brought about focused efforts to catch them and punish them by law. 

Then, more recently, the U.S. Justice Department reveals that the National Infrastructure Protection Center has been created in order to protect our major communications, transportation and technology from the attack of hackers. Controlling teens and hackers has become the focus of many governmental groups to stop this maliciousness against individuals, organizations, and nations.

One of the most famous for his computer crimes hacking was Kevin Mitnick, who was tracked by computer, and caught in 1995. He served a prison sentence of about five years. Others have likewise been caught. Another case is that of Vasily Gorshkov from Russia, who was 26 years old when convicted in 2001. He was found guilty of conspiracy and computer crime.

Other individuals have also been found guilty and sentenced -and many others remain on trial. If you are one who pays much attention to the news, then you know that every now and then, you will hear of another hacker that has been caught, or a group of hackers that have been arrested because of their criminal activities. The interesting thing is that it is often others who had learned hacking techniques, and are now using them to catch other criminal hackers. 

Another criminal hacker, who called himself Tasmania, made big news when he fled Spain on various charges of stealing into bank accounts online, and banks, and went to Argentina. There he went into operation again. He was quickly tracked to Argentina, and the governments of Spain and Argentina went after him with surveillance, first. Before long, he was arrested, along with 15 other men, and was then extradited back to Spain (in 2006) where he could face up to 40 years in prison.

The simple truth is, these criminal hackers/cyber attackers get smarter everyday and they do everything possible to cover their tracks, making it difficult to find or locate them. We can’t help but wonder if this computer crime laws have any impact on the rate of computer crimes being committed day after day. We wonder if the existing laws in place are adequate tocombat cyber crime and consequently if amendments need to be put in place.

Today, criminal organizations are very active in the development and diffusion of malware that can be used to execute complex fraud with minimal risks to the perpetrators. Criminal gangs, traditionally active in areas such as human or drug trafficking, have discovered that cyber-crime is a lucrative business with much lower risks of being legally pursued or put in prison. Unethical programmers are profitably servicing that growing market. Because today’s ICT ecosystem was not built for security, it is easy for attackers to take over third party computers, and extremely difficult to track attacks back to their source. Attacks can be mounted from any country and hop through an arbitrary number of compromised computers in different countries before the attack reaches its target a few milliseconds later. This complicates attribution and international prosecution.

THE ALARMING RISE IN CYBER CRIME

While sitting in the comfort of your room, some internet hackers, popularly called Yahoo boys in Nigeria, are probably sitting in the comfort of a cyber cafe prying into your privacy and using your email to scam friends and associates. Cyber-crime is an evil act many Nigerians might not even be aware of. But with emerging ICT trend in Nigeria, cyber-crime is taking a scary dimension. It is indeed the emerging nightmare in the country. Michael Oche writes.

From Nigeria’s Defence Headquarters, to the Nigerian Communications Commission (NCC), to the Economic and Financial Crimes Commission (EFCC), every Nigerian security agency is getting increasingly worried with the emerging threat of cyber-crimes in the country. Yet, the public is kept in the dark about how much risk is involved in these crimes.

Many businesses are going online and Nigerians have been encouraged to embrace mobile and internet banking, while the government is also embracing e-payment system. But the question remains; how safe are the users of these services?

Cyber-crimes are defined as offences that are committed using modern telecommunication networks, such as Internet and mobile phones. Such crimes may threaten a nation’s security and financial health of a country. For instance, the cost of global cyber-crime is set at US$110 billion annually.

In Nigeria, email addresses and phones belonging to highly-placed officials, including state governors, have been hacked, just to prove that the hackers are no respecter of status.

It is common place for banks to send accounts information including account balance via short message service (SMS) to mobile phones or emails. While this practice may appear convenient, it brings to bear huge security risks, as sensitive account information can easily get in the wild and harvested by organised criminals to conduct intelligent and sophisticated fraud.

Check shows that Cyber-crimes are in the increase and Nigeria is becoming prone to the emerging ugly trend. In the past, yahoo boys gave Nigeria a bad international reputation with their tricks of sending love messages to potential victims and later duping them of substantial amount. But cyber-crime is a more organised crime and involves billions of naira.

IT experts even warned that Nigerian banks are susceptible to sophisticated attacks, where cyber criminals circulate email scams that deceive people into believing that they are being contacted by their banks to submit their account credentials, such as account number, PIN number, or password.

The contents of these emails always contain a link to a bank’s website, which has been rebadged (copied and modified) by these criminals, often a bank’s website has embedded HTML or URL redirected to a rogue website where people’s account credentials are used to siphon huge sums of money from their accounts and those of other accounts that have been compromised.

These criminals have started to clone debit and credit cards, since most Nigerian banks now offer ATM cards, experts also warned.

There is no gainsaying hackers are becoming more sophisticated. And with the emergence of portable electronic devices (PEDs) such as smartphones, iPhone, Blackberry and iPad, which can now be used to carry out significant financial transactions, and given the ubiquity of smartphone in Nigeria today, cyber-crime would become overwhelming if adequate protection is not provided to ICT systems and networks in Nigerian banks and government systems.

Last Tuesday, ahead of a planned three-day World Cyber Conference aimed at identifying challenges associated with cyberspace, cash-less economy, and space resources; the Defence Headquarters declared that it is set for war against cyber-crimes in Nigeria.

The Chief of Defence Communications, Ndubuisi Amu, told journalists in Abuja that the conference is aimed at increasing knowledge and awareness on the latest development in cyber-crimes and its threats to national security.

The involvement of the defence hierarchy goes to show that indeed Nigeria is under threat of cyber-crime. And for those who have any hesitation of how important cyber-crime is, they were cleared of any doubt when personnel records of former and current operatives of the State Security Service (SSS), including home addresses and names of immediate family members, were leaked on the Internet, along with a message threatening SSS operatives last week.

It was a big embarrassment to the nation’s security, but it confirmed that the Nigerian security needs to be updated in the emerging ICT trend and its security threats. Nigeria does not have a cyber security law yet, despite several promises by the government to pass the law.

The Nigerian Communications Commission (NCC) also said it has intensified the war against cyber-crime in the country through the improvement of its type approval process.

The Executive Vice Chairman of the commission, Dr. Eugene Juwah, who made the commitment at a conference on the Regulatory Imperatives for Cybercrime and Cyber Security in Nigeria, admitted that: “The real concern is not just with the dissemination of inaccurate or misleading information, but above all, with malicious content. Fraud, theft and forgery exist online just as they do offline. If users are to benefit from full advantages of the Internet, then confidence in the infrastructure is primary and of utmost importance.”

He also said that “cyber threats such as malware and attacks are becoming extremely sophisticated. This is especially true with the increased presence of organised criminal groups online. The Internet has ceased to the domain of the technically competent.”

In the past, the Economic and Financial Crimes Commission (EFCC) had raided cybercafes to arrest fraudsters associated with sundry Internet crimes. Recently, the commission said it had arrested 288 persons associated with Internet fraud.

However, experts say fighting cyber-crimes go beyond raiding cybercafés. It requires a holistic approach.

In the last couple of days, more Nigerians say they have had their emails hacked. Recently, the Niger State Governor, Babaginda Aliyu, was shocked to discover that his email account had been hacked, and used to send messages begging for assistance from many of his contacts, proving the saying that “with the yahoo boys, there is no respect of persons.”

The message sent from Gov. Aliyu’s account was: “Urgent assistance.” It read:
“I didn’t tell you about our travel to Spain for a short vacation, but unfortunately, we were robbed at the hotel where we lodged along with other folks. We didn’t bring our phones here and the hotel telephone lines were disconnected during the incident. So, I have access to only e-mail.

“Please, I’m going to need some sort of loan from you for us to relocate to another hotel close to the embassy, and to get us another flight ticket…Please, let me know if you can help us out. I’m looking forward to hearing from you.”

Governor Aliyu denied ever sending such a mail, and described the hackers as “unscrupulous.”

Governor Babatunde Fashola of Lagos State was also reported to have recently alerted the public that his phone was hacked by scammers who sent text messages to his cabinet members, urging them to pay an amount of money into a certain Skye Bank account.

Telecom Companies in the World

TELECOM COMPANIES IN THE WORLD

1	Regulatory Authority for Telecommunications Industry U.K., United Kingdom
2	World Trade Organisation (WTO), Switzerland
3	Telecommunications Regulatory Authority of Srilanka, Srilanka
4	Telecom Regulatory Authority of India (TRAI), India
5	South African Telecommunications Regulatory Authority (SATRA), South Africa
6	Organisation for Economic Cooperation and Development (OECD), France
7	Office of the Telecommunication Authority (OFTA), Hong Kong
8	National Telecommunications Commission, Philippines
9	Nepal Telecommunication Corporation, Nepal
10	National Telecom Agency, Denmark
11	Ministry of Information & Telecommunications, Korea
12	Ministry of Posts, Telegraph & Phone, Iran
13	Ministry of Works, Fiji
14	Malaysian Communications and Multimedia Commission, Malaysia
15	Ministry of Public Management, Home Affairs, Post and Telecommunications (MPHPT), Japan
16	International Telecommunication Union (ITU), Switzerland
17	Information Society Project Office (ISPO), Belgium
18	Info-Communications Development Authority (IDA), Singapore
19	Hungarian Communications Authority, Hungry
20	Gibraltar Regulatory Authority, Gibraltar
21	Federal Communications Commission (FCC), U.S.A.
22	Federal Office for Communications (BANKOM-OFCOM), Switzerland
23	European Telecommunications Standard Institute (ETSI), France
24	Canadian Radio and TV Commission (CRTC), Canada
25	Bangladesh Telegraph and Telephone Board, Bangladesh
26	Autorite de Regulation des Telecommunications (ART), France
27	Australian Communications Authority, Australia
28	Wateen Telecom (Pvt) Ltd
29	Ufone
30	Mobilink
31	Telenor
32	Warid Telecom
33	Pakistan Telecommunications Mobile Limited (PTML - Ufone)
34	Pakistan Telecommunications Company Limited (PTCL)
35	Telecom Foundation (TF)
36	Carrier Telephone Industries (CTI)