Today more than ever humans are interconnected with technology. We look around and everywhere we walk, we see people looking down at their cellphones. Especially on a college campus, laptops seem to be a device that everyone has. While cell phones, laptops, and other forms of technology can be very advantageous, a vast number of disadvantages lie alongside of them. One of the most glaring of these is Cyber Crime. Cyber Crime is an act of criminal activity taking place through technology including identity theft, violation of privacy, fraud, blackmail and much more. With the use of technology, committing cyber crimes can be easier than committing a physical crime. How then do we protect ourselves from these cyber criminals? The truth is that we cannot fully protect ourselves. There will always be hackers ahead of the game that are able to find ways to get into our systems. However, there are some ways to better protect ourselves. Looking at cyber crime from different angles like data theft, combating cyber crime, spying with drones, and cyber stalking will help us get a better understanding of cyber security as a whole and hopefully help us better prevent it in the future.

Data Theft

            Data theft is just one example of how hackers are using technology to get into the personal lives of people. Data theft is the source for many problems especially with credit cards. One example of this was the Target security breach that happened during Thanksgiving of 2013 when over seventy million customers had their data stolen. This not only affected the customers but also the company. People began to lose trust in the security of Target as well as started taking their business elsewhere out of fear that their card might get compromised. As a result of this, the sales and profit of Target started to decline. To try to refute their loss of customers, Target offered a year free of credit and guaranteed identity theft monitoring to try and win back the trust of their customers. Until the Target security breach happened, there had not been a cyber attack like that since 2007 when records were stolen from TJX Companies such as TJ Maxx. These attacks also caused the company to spend millions of dollars in security measures or investigation to make sure this doesn’t happen again. The hackers caused TJX Companies over one-hundred and thirty 2 million dollars because they took extra steps for investigating the issue and upping security measures (Kuchler, 2014).

Another company that had a big break in security was Home Depot. Their breach was the second biggest in history behind Target’s, and just like Target they offered their loyal customers free identity protection and credit monitoring if they had a credit card within the company. This breach also caused stock with Home Depot to decline by two percent. Jeff Williams, chief technology officer of Contrast Security stated “The increasing complexity of software and automation of business functions is contributing to a rise in large-scale attacks.” Another man, Mr. Williams, stated, “As systems get more complex and more critical they’re easier to attack and more vulnerable to attack.” One thing that really caused most of the inadequate security problems is the credit cards themselves. The old credit cards without the chips in them were not nearly as safe as the newer ones with the chips. Jaime Blasco, a researcher at a security systems company named AlienVault, stated “Most of the biggest breaches that we are seeing are happening here in the US, and the problem is with these old credit card systems. In Europe we have been using chip and pin credit cards for ten years, and we don’t have those problems anymore” (Mishkin, 2014). These chip cards have a microprocessor in them and so when a person uses the chip instead of the usual swipe for a credit card, it is much safer for them. This chip is encrypted so it scrambles the information and it is much harder for hackers to figure out how to hack the card (Leung, 1999). Even with all the new chip cards circulating the world, no card will ever be one-hundred percent safe and un-hackable.

As a result from all the lawsuits and trouble that companies and banks were getting in, the government started stepping in to assist with the problems. The Federal Bureau of Investigation and the US Secret Service had launched an investigation on cyber attacks against financial institutions like JPMorgan Chase. Representative Cliff Stearns from Florida added a Data Security & Breach Notification Act to the list of bills that were being processed. His bill won the support of the House but still needs support from the Senate. This bill is focused on the Federal Trade Commission and it requires there to be set rules for security of personal data. It also gives consumers total access to all the information that is connected to them. The flaw in this bill is that it does not address the government’s use of commercial data. This bill also left out the notification requirement if robust encryption is used. Their reasoning is that if information is stolen, but cannot be used in any way, then the customer does not need to know it was even stolen in the first place. This idea was found very unacceptable by security advocates, but the bill is still currently under review. A act called the Personal Data Privacy and Security Act was then authorized in the Senate by Sens. Arlen Specter, yet this act will not be as successful as intended. Jim Stickley, chief technology officer at TraceSecurity Inc., states, “There are really no guidelines being set forth on how to enforce this, any data theft legislation that excludes the financial and healthcare sectors – as this bill does – will be fruitless.” This bill is meant to replace a weaker one that is in place right now. Stickley thinks that this new bill is more of a “knee-jerk reaction.” That they are just replacing the old bill so they can say they are doing something about the issue at hand (Carlson, 2005). There are other bills and acts in progress which is giving customers comfort in knowing that the government is trying to help the issue as best as they can.

Another type of data theft that people tend not to think about is with cars. With every new model coming out, more and more advanced technology comes out along with it. The most technology that used to be in cars were radios, then we moved onto being able to watch movies in cars, and now there are screens up on the dash that we can connect our phones to and even see behind us with a backup camera. Using bluetooth we can connect our phones to our cars and sync the music playlists, contacts, and phone calls/text messages. This data is stored in the car and easily accessed when the vehicle is turned on, yet that is not something people tend to think twice about. While accessing the data on our phones might not be as important as getting our credit card information, people still keep very important things on their phone that aren’t for other people to have. Car companies have started to realize this and to give the customers a sense of security, they are constantly updating their security measures (Final Theft Data, 2008). With all the new devices coming out in this technology era it is crucial that the security keeps up and is always making progress to keep the consumers as safe as possible.

 

Spying with Drones

According to the FAA Modernization and Reform Act of 2012, the number of drones expected to be in U.S. airspace by 2020 exceeds thirty thousand. With so many unmanned aircraft cluttering the skies, the issue of privacy from aerial observation, even in one’s own home, is a major concern for American citizens.

Due to drones being a relatively new product to the civilian market, the general public is not familiar with laws concerning drones. Many people concerned with being spied on may want to take matters into their own hands and bring the drone down with a gun, projectile, or jamming device. However, it is entirely possible to find yourself violating the law for bringing down a drone, as the airspace is regulated by federal authority. The reason this is important to remember is because it is illegal for a citizen to interfere with aircraft. The laws concerning drone use and privacy are also disturbingly minimal in terms of ensuring citizens’ privacy. Jason Koebler (2016) goes into detail about the state of drones laws in the U.S. and their contradictions. The FAA Modernization Act of 2012 demanded that the Federal Aviation Administration (FAA) come up with a plan for domestic drones by 2015, but they did not meet that deadline, and there were still no commercial drone regulations a year later at the time of Koebler’s article. The FAA also issued orders to several drone companies telling them to stop, which were later waived in court, after which the FAA rescinded the orders. The regulation used by the FAA to determine illegal drone use is 14 CFR Section 91.12(a), which essentially says that an aircraft operator can’t fly their aircraft in a “reckless manner so as to endanger the life of property of another.” It should be noted that this regulation is used for aircraft pilots other than drone operators. Due to the vague wording of the regulation, the interpretation of it is left entirely up to the FAA until newer, more specific regulations are enacted. Koebler also notes that state and local government don’t have any real control over airspace, as it is under federal jurisdiction. But, they do have authority over land and water use. This is important because the FAA has not set a strict limitation on when the space above someone’s property becomes federal airspace. If a drone flies into “private” airspace, the citizen’s privacy is being violated and a crime has potentially been committed. But because no definition of public and private airspace is in legislation, attempting to take down a drone can be interpreted by the FAA as attempting to take down an aircraft in federal airspace, even if it is in your own backyard.

How, then, should a law-abiding citizen deal with a drone they feel is being used to spy upon them? Immediate action such as shooting the drone or forcing it to the ground is not always advisable, but you can take other measures. Speaking to the operator of the drone is the quickest and most direct way of finding out if a drone is being used in a malicious way. By law, drone operators must keep their drone in sight, so finding the operator should not be too difficult a task. And Miriam McNabb (2016) suggests that, much like a motor vehicle accident, documenting everything you can about the incident is recommended if you intend to report it to the FAA or police. The FAA has greater authority on whether a drone was being misused, but local police should still be a citizen’s go-to for complaints about being spied on, drone related or not.

A major issue that could be a concern for drone operators is that their drones could be hacked in-flight. This could be something as simple as someone using a device to block the operator’s communication to the drone in order to force it to the ground. These devices have become more popular in recent years, but more sinister devices are popping up that can both jam the operator’s radio signals, and give control of the drone to an attacker. Dan Goodin writes in his 2016 article, “There’s a new way to take down drones, and it doesn’t involve shotguns,” about how a researcher had recently shown how a radio transmitter they had built was able to take control of nearby drones, even in mid-flight.

The remote control in the possession of the original operator experiences a loss of all functions, including steering, acceleration, and altitude. The hack works against any drone that communicates over DSMx, a widely used remote control protocol for operating hobbyist drones, planes, helicopters, and boats.

Any drone hobbyist that knows this information would be rightly scared. Drones are expensive pieces of technology, and no one wants their property taken. But beyond that, a number of drones can carry fuel, which can be ignited by slamming the drone into something solid. As such, they can be used for terrorist attacks, and the attacker would be virtually untraceable because they would be using a drone that is associated with someone else. So the obvious conclusion is to avoid using DSMx. However, DSMx is a widespread technology that is very popular for non-professionals, and there aren’t many alternatives that offer the same advantages that make DSMx popular. Research and advancements are being made into harder-to-crack programming languages and hardware, but are still not near perfection for use in the public market.

Cyber Stalking

There are a variety of uses of the World Wide Web. Along with all the good things that can be done on the Internet, there are also some ways that it can be used in order to achieve negative goals. One of these goals is to get a ransom or ruin one’s reputation by cyber stalking them and hacking into a victim’s personal device and using their information to blackmail them. Cyberstalking is the use of technology to harass or stalk an organization or a company. It may involve falsely accusing someone, damaging someone’s reputation, and character assassination.  It may also include monitoring someone remotely, identity theft, threats, solicitation for sex, or gathering information that may be used to humiliate, bully, or torment someone. Cyber-stalking is stimulated by a desire to intimidate and show authority to a victim. Through the introduction of modern technology, computers allow criminals to commit crimes that they can easily get away with. These cybercrimes are impacting the society immensely and the aftermath of this is horrendous.

One form of online harassment includes the sending of unwanted e-mails which are abusive or obscene from one person to another. It may involve electronic vandalism, in the form of spamming the victim with a ton of emails. One victim of cyber-stalking, Cynthia Armistead, received thousands of offensive telephone calls after her stalker posted a fraudulent advertisement on a discussion group offering her services as a prostitute and posting her home address and telephone number. In another case, a woman who complained about a literacy agency online found that her home address and telephone number were posted on a porn website. If the stalkers know personal details, such as their phone number and address, of the victim, stalking them becomes a lot easier for them. In the case of Cynthia Armistead, threatening calls followed the emails she was getting (Washington University, 2009).

Stalkers have different motifs in mind when they stalk someone. Some do it for sexual harassment, while other do it for revenge or fixation of love. This usually happens when a partner ends a relationship, but the other one does not mentally accepts it. In such cases, it is not hard for the stalker to get a hold of the victim’s personal information. In one case, a Pennsylvania State Trooper was recently arrested for posting five nude photographs of his former wife on a bondage and sadomasochistic website apparently in order to seek revenge for a failed marriage. According to Christine Pittaro (2007), the Crime Victim / Witness Advocate for the District Attorney’s Office of Northampton County, Pennsylvania, Heller had worked as a trooper for approximately 14 years – up until the date of his arrest. In addition to creating a profile in his wife’s name and posting the nude photographs, Heller also posted his wife’s occupation as a schoolteacher and date of birth on the bondage website (Pittaro, 2007). A forensic examination of Heller’s laptop computer revealed that the laptop had been used to post five of the eighteen nude photographs of his ex-wife that were taken when the two were initially married (Iannace, 2007). The forensic examination, which was performed by State Trooper Paul Iannace, determined that Heller, posing as his ex-wife, posted explicit messages on the website-soliciting viewers to contact her to engage in violent sexual acts (2007). This particular cyber stalking offense was unearthed after one of the website’s visitors decided to contact Heller’s ex-wife at her place of employment (Iannace, 2007). Heller subsequently pleaded guilty to harassment for placing the images on the bondage site and agreed to quit the Pennsylvania State Police in light of the criminal charges lodged against him (Iannace, 2007). According to Assistant District Attorney Patricia Broscious of Northampton County, Pennsylvania, such cases of cyber stalking are difficult to prosecute based on the manner in which many of the statutes are currently written (Iannace, 2007).

            It is hard to combat cyber-crimes such as these because cyber stalkers have good computer skills and it is hard to trace them, but it is not impossible. Article IV of the Bill of Rights also ensures protection against such crimes. There are many laws in place to deal with cyber-crimes. Many do not consider Cyber Stalking as a real crime, but in reality it is a crime and there are laws to prevent it. Under 18 U.S.C. 875(c), it is a federal crime, punishable by up to five years in prison and a fine of up to $250,000, to transmit any communication in interstate or foreign commerce containing a threat to injure the person of another. Section 875(c) applies to any communication actually transmitted in interstate or foreign commerce – thus it includes threats transmitted in interstate or foreign commerce via the telephone, e-mail, beepers, or the Internet. Certain forms of cyberstalking also may be prosecuted under 47 U.S.C. 223. One provision of this statute makes it a federal crime, punishable by up to two years in prison, to use a telephone or telecommunications device to annoy, abuse, harass, or threaten any person at the called number. The statute also requires that the perpetrator not reveal his or her name (Cornell University).

Combating Cyber Crime

Keeping ourselves and our electronic devices secure are huge concerns for people in the 21st century. Almost all individuals are attached to their phones, laptops, tablets, etc. One question that arises is, how safe are we? The truth is, no individual will ever be 100% secure. Every human, every company, and every laptop are vulnerable to becoming hacked. Despite the fact that it is impossible to be fully secure, there are a few things that could limit any potential attacks against us.

The most obvious way to keeping our devices secure is by keeping our devices up to date and using anti-virus software such as Microsoft Security Essentials or Webroot. It is important to keep devices up to date because the reason that software companies always ask you to update their systems is simply so they can fix bugs/holes that could potentially lead to users getting hacked. As soon as they find these flaws in their system, they reconstruct the code in a way that patches these holes before a hacker is able to get through and hack our devices. It may seem like common sense to run an anti-software system, however, according to Microsoft, twenty-four percent of computers do not use anti-virus softwares to keep themselves protected, leaving themselves on average 5.5 times more likely to get infected with viruses.

Individuals who utilize laptops on a day to day basis should use something such as a sticky note or dark tape to cover over the laptop’s webcam. Although your laptop will usually have a light near the camera, indicating that your camera is turned on, hackers are able to tamper with the code and turn this feature off so that it seems as if your camera is off when in fact it is on. Laptops are not the only things with cameras that can be hacked, any gadget that is connected to your network and has a camera, such as a baby monitor, security camera, etc., can be hacked into. The reason a lot of these items are hacked into is because a lot of these companies issue the same default password for each device and expect the customer to change the password. If passwords on these devices are not changed, they could end up on a website called Shodan. Shodan is a search engine that lets users find specific types of computers connected to the internet using a variety of filters, in other words, you can see live camera footage from people’s homes who don’t protect themselves.

Passwords are another way to keep your accounts protected. A lot of websites force the users to have capital/lowercase letters, numbers, and symbols. The reason that a lot of websites do this is because it is a lot harder to crack a password that is that complex. For an example, if a seven character-long password is only using lowercase letters, there are 267 or 8,031,810,176 different possibilities for a password. This may seem like a lot of possibilities, but according to Mandylion Research Lab, in one hour, the average computer is able to try seventeen billion different passwords in one hour. With this statistic, it would make sense for users to make their passwords both longer and more complicated.

In the realm of Cyber Security, it is known that there are three main things that people are supposed to protect. Confidentiality, Integrity, and Availability (CIA). Each one of these words has a unique definition that if protected, can stop unwanted attacks. Confidentiality is the idea in which we do not want unauthorized users to look at information that they should not be looking at. An example of confidentiality is if you have a weak password and somebody is able to get into your computer/account and read files that are private and should not be shared with others. Some ways to prevent this from happening is again, using stronger passwords and also encrypting files that are important. Integrity is making sure that the information you have has not been tampered with or edited by a hacker. If a hacker is able to get into your system due to a weak password, it is likely that you will not be able to protect the integrity of your files because they can easily edit them. Finally we have availability, this is to make sure that only authorized individuals are able to gain access to information. Once these three aspects are protected, it makes it harder for a cyber attack to occur.

Many companies hire ethical hackers, which are hackers that are given permission by companies to try and hack into their system. The goal of these hackers are to find vulnerabilities in the system and write a report about what can be done to improve the level of security within the system. When this is done, the company fixes anything that needed to be fixed based on the report and are now more secure than they were before. It is important that companies look out for threats and vulnerabilities. A threat is something that could potentially affect CIA, whether it be a person, code, or even nature. A vulnerability in simplest terms is a flaw or weakness in a system, an example of a vulnerability would be having a weak password. When threats and vulnerabilities are put together, we are given a risk. Risk it the likelihood of something bad to happen, so to lower the chance of a high risk, it would be ideal to lower what you can control, the vulnerability. This can be done by having back-up generators in case of a storm, requiring strong passwords so that it is harder to get hacked.

There are five steps in order to manage risk, they include; Identifying assets, identifying threats, assessing vulnerabilities, assessing risks, and mitigating risks. The first step is identifying assets, this means finding what we are trying to protect whether it be cellphones, laptops, software, etc. The next step is identifying the possible threats, as stated earlier, threats are something that could affect CIA such as inclement weather, script kiddies (generally younger people who use open-source hacking softwares). Moving onto assessing vulnerabilities, this is having backup plans for possible threats, such as backup generators, and requiring strong passwords. When assessing risk, we identify the threats and vulnerabilities for a certain asset. This step is an important prerequisite for the next step because it helps identify what risks each asset may have. Finally we have the last step, mitigating risk. This allows us to see a risk, and come up with a solution to lower the chances of the risk happening. These five steps are used by companies everyday to ensure that they keep their systems up and running safely.

Once again, it is not possible to be 100% secure from hackers, but hopefully it is easier to understand that simple things such as keeping our devices up to date, covering our webcams, and installing anti-virus software can make us more immune from getting hacked than if we do not do these things.

 

            With the advancements in technology, there are a lot of ways that the human life has been impacted positively, but with all these positive aspects also comes a negative side. Cyber Crimes are on the rise because of these advancements in technology. No matter what there will always be hackers ahead of the game that are able to find ways to get into our systems, but there are also always ways to better protect ourselves. More research is needed in order to improve the understanding of cyber crimes and creating more awareness about it.  Looking at cyber crimes from different angles like data theft, combating cyber crime, spying with drones, and ransom / cyber stalking will help us get a better understanding of cyber security as a whole and hopefully help better prevent cyber crimes in the future.

 

Works Cited

Andress, J. (2014). The basics of information security : understanding the fundamentals of

InfoSec in theory and practice (2nd ed.). Waltham, MA: Syngress.  Retrieved from:

            http://proquest.safaribooksonline.com/book/networking/security/9780128007440

  1. (n.d.). 47 U.S. Code § 223 – Obscene or harassing telephone calls in the District of Columbia or in

interstate or foreign communications. Retrieved April 23, 2017, from https://www.law.cornell.edu/uscode/text/47/223

Carlson, C. (2005). Experts fear weak data theft law; federal lawmakers are eager to take action

against the growing problem of data theft. EWeek, 22(43), 20. Retrieved from

https://search.proquest.com/docview/198516881?accountid=14541

Ellison, L., and Akdeniz, Y., “Cyber-stalking: the Regulation of Harassment on the Internet,”

[1998] Criminal Law Review, December Special Edition: Crime, Criminal Justice and the Internett, pp 29-48. Retrieved from: https://web.archive.org/web/20130526024339/http://www.cyber-rights.org/documents/stalking_article.pdf

Final theft data; motor vehicle theft prevention standard. (2008). Lanham: Federal Information

& News Dispatch, Inc. Retrieved from

https://search.proquest.com/docview/190296290?accountid=14541

Goodin, D. (2016). There’s a new way to take down drones, and it doesn’t involve shotguns. Ars

Technica. Retrieved from

https://arstechnica.com/security/2016/10/drone-hijacker-gives-hackers-complete-control-of-aircraft-in-midflight/

Koebler, J. (2016). Is Flying a Drone Illegal? A Comprehensive Guide to America’s Drone Laws.

Motherboard. Retrieved from:

https://motherboard.vice.com/en_us/article/is-flying-a-drone-illegal-a-comprehensive-guide-to-americas-drone-laws

Kuchler, H. (2014). Target data theft sounds wake-up call for retailers. FT.Com, Retrieved from

https://search.proquest.com/docview/1498150738?accountid=14541

Leung, A. (1999). Smart cards seem a sure bet. InfoWorld, 21(10), 37-37,40. Retrieved from

https://search.proquest.com/docview/194333644?accountid=14541

Mishkin, S. (2014). Home depot probes possible data theft. FT.Com, Retrieved from

https://search.proquest.com/docview/1574803943?accountid=14541

McNabb, M. What to Do if a Drone is Spying on You. dronelife. (2016). Retrieved from:

http://dronelife.com/2016/11/22/what-to-do-if-a-drone-is-spying-on-you/

West, J. P. and Bowman, J. S. (2016), The Domestic Use of Drones: An Ethical Analysis of

Surveillance Issues. Public Admin Rev, 76: 649–659. doi:10.1111/puar.12506 Retrieved

from: http://onlinelibrary.wiley.com.mutex.gmu.edu/doi/10.1111/puar.12506/full