Over the last decade, the need to secure information systems has become more apparent than ever, and the threats more malicious, because of the ever-expanding internet. Cyber-crime is any type of crime that involves a computer or a computer network used for malicious or harmful purposes. Cyber-crime comes in all shapes and sizes and can cause different problems, ranging from not being able to access resources to the entire computer network crashing. There has been a spike in cyber-crime on the internet due to loose regulations, a lack of laws governing internet and computer use, and the growing popularity of online markets, posing a risk for millions.
As summarized by the U.S Bureau of Investigation (2017), victim loss from corporate data breaches surpasses 60,942,306 and will continue to rise in coming years. With total annual cyber-crime revenues being over 1.5 trillion, it is no secret that this is a big problem. Of these cyber-crimes, identity theft, email phishing scams, SQL injection attacks, Distributed Denial of Service (DDoS) attacks, and cyber stalking have been among the most prevalent and dangerous.
In this portfolio project, I will be discussing five different case studies on different topics of digital crime. For each of the five cyber-crimes I will be explaining the type of crime, as well as giving background on the development and history of the cyber-crime. The information for each crime will include the crime, how the computer was used, the victims, the outcome, and how it could have been prevented. In addition, the perpetrator will be identified (if found), and their punishment explained.
The first case study and digital crime introduced is cyber identity theft.
Identity theft is not a new crime; in fact, it dates back to before the computer or the internet was invented. Identity theft is the act of deliberately using someone else's identity to gain a financial advantage or to obtain credit and benefits in the other person's name, possibly to the disadvantage of the other person. With the development and increased use of the internet, the crime of identity theft has made its way into the cyber world. The first case study presented is possibly one of the most famous cyber identity theft cases in the United States. Abraham Abdallah of Brooklyn, New York was arrested after his elaborate identity theft impersonations were uncovered. Abdallah used the identities of some of the most rich and famous people in the US to breach banks and credit card companies. His scams were so elaborate that it took years to uncover the entire scheme. He stole millions from Hollywood personalities such as Warren Buffett and Steven Spielberg, and performed all of this in the computer lab in the Brooklyn Library in New York. He was eventually arrested on the charges, sent to prison, and received a hefty fine on top of damages to the victims. Although there was justice in this case, many identity theft cases are never solved, especially when they are online. According to 2018 Identity Fraud: Fraud Enters a New Era of Complexity from Javelin Strategy & Research, in 2017 there were 16.7 million victims of identity fraud, a record high that followed a previous record the year before.
This case study example of cyber identity theft could have been avoided in a couple of different ways. Security at the Brooklyn library computer center could have been better, since it was not able to detect that there was at least something “funny” going on. Additionally, the computer center could have implemented time restrictions, website restrictions, or even closed circuit TV (CCTV) to watch over the computer lab for suspicious activity. This case could also have been prevented by the credit card companies and banks. At the time this case took place, security within credit card companies and banks was not as strict as it is today, which Abdallah used to his advantage to steal these celebrities' money. Two step verification, providing personal information only the customer would know, and bank account numbers and credit card numbers can all be used to verify that someone is who they say they are. Although these precautions have been implemented recently, new ways of committing identity theft are still being developed every day.
The next case study presented involves an email phishing scam which almost cost the organization a serious financial loss. Phishing is a scam where the criminal sends an email pretending to be from a legitimate company, with a legitimate looking website through the URL, in hopes of the victim providing the requested information. If successful, the criminal is free to use this information for personal gain. In this particular case study, which took place on January 24th, 2018, there was an email wire transfer request sent from the CEO of First Business Bank for $15,850. The bank employee emailed back a blank wire request form and received the completed wire request form and wire agreement, with a valid signature that matched the signature of the CEO. The wire transfer was then submitted. It was not until a phone call back to the client's phone number from the bank records that the transaction was found to be fraudulent, and it was stopped right away. All of the emails were directed automatically to the delete folder, so neither the bookkeeper nor the CEO knew the fraud was happening. It was later determined by the bank's IT department that the CEO's and bookkeeper's corporate emails were compromised in November 2017. From November 2017 to January 24th, 2018 the emails were monitored to gain the information needed to carry out the scam. Eventually police were able to trace the IP address back to South Africa; however, it is very unlikely these criminals will ever be brought to justice.
What went wrong in this case study was the lack of proper authentication before the wire transfer was put through. A simple phone call to the CEO before the wire transfer, to confirm this was their request, could have saved lots of time and frustration, and could have prevented the situation altogether. Organizational measures that should be instituted are frequent email and account password changes and password complexity. In addition, double checking high value requests and employee cyber security training and awareness will help mitigate attacks such as these.
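The detail that the emails were "directed automatically to the delete folder" is something a mailbox audit can look for. The following is an added example, not part of the original essay: it reviews mailbox rules for ones that hide payment-related mail from the owner. The record format, rule names and addresses are constructed for illustration and do not match any particular mail product's export.

```python
# Constructed sample data in an assumed, simplified format (not a real export).
SAMPLE_RULES = [
    {"mailbox": "ceo@client.example", "name": ".",
     "conditions": {"from_contains": ["@bank.example"]},
     "actions": {"move_to_folder": "Deleted Items", "mark_as_read": True}},
    {"mailbox": "bookkeeper@client.example", "name": "cleanup",
     "conditions": {"subject_contains": ["Wire Request"]},
     "actions": {"delete": True}},
    {"mailbox": "bookkeeper@client.example", "name": "Newsletters",
     "conditions": {"from_contains": ["news@vendor.example"]},
     "actions": {"move_to_folder": "Newsletters"}},
]

HIDING_FOLDERS = {"deleted items", "trash", "junk email"}
PAYMENT_TERMS = ("wire", "transfer", "invoice", "payment", "bank")

def assess_rule(rule):
    """Return the reasons a rule looks like it hides mail from the mailbox owner."""
    actions = rule.get("actions", {})
    folder = (actions.get("move_to_folder") or "").strip().lower()
    if not (actions.get("delete") or folder in HIDING_FOLDERS):
        return []  # mail stays visible to the owner: nothing to report
    reasons = ["removes matching mail from the inbox"]
    if actions.get("mark_as_read"):
        reasons.append("marks it as read")
    # Collect every condition string, whatever field it matches on.
    terms = [t.lower() for values in rule.get("conditions", {}).values() for t in values]
    if not terms:
        reasons.append("has no conditions, so it applies to all mail")
    elif any(p in t for t in terms for p in PAYMENT_TERMS):
        reasons.append("targets payment-related mail")
    return reasons

def suspicious_rules(rules):
    """Map (mailbox, rule name) -> reasons, for rules worth a manual review."""
    findings = {}
    for rule in rules:
        reasons = assess_rule(rule)
        if reasons:
            findings[(rule["mailbox"], rule["name"])] = reasons
    return findings

if __name__ == "__main__":
    for (mailbox, name), reasons in suspicious_rules(SAMPLE_RULES).items():
        print(f"{mailbox} rule {name!r}: " + "; ".join(reasons))
```

A finding here is a prompt to ask the mailbox owner whether they created the rule, not proof of compromise.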
The next case study presented is one that managed to affect millions of people, and is known as one of the biggest distributed denial of service attacks ever launched. The Dyn DDoS occurred on October 21st, 2016 and disrupted large portions of the internet and services in the United States and Europe. The source of the attack was the Mirai botnet, which consists of Internet-of-Things (IoT) devices such as internet protocol (IP) cameras, printers, and video recorders. According to Sreekanth, Aishwarya Sri, Prashant Vartiainen, Teemu (2017), “Mirai is a piece of malware which infects and exploits the vulnerable network devices on the Internet, preferably IoT devices. Upon successful infection, the bot gets registered to a Command and Control Server (C&C) which controls the botnet during attacks. Mirai malware exploits those network devices that authenticate using default credentials.” The attack was deemed to be unusual and bizarre by Dyn because of the use of IoT devices with this particular malware.
This case study could have been prevented and mitigated in a couple of different ways. Securing the network infrastructure, basic network security, strong network architecture, outsourcing DDoS protection, and being able to recognize warning signs are all ways to prevent a DDoS. Organizational measures that can be implemented include an in-depth denial of service response plan to help mitigate the attack if it has already taken down organizational resources.
The fourth case study for this portfolio project is one involving cyber stalking. Stalking has historically been an issue. It is usually done by physically following someone; however, with the availability of information on the internet, people can now be stalked online. In this case study, Cassandra Cruz, who was an online school student, became fixated on a woman she found on a porn website. Although it had been 15 years since this woman was actively posting porn, Cassandra was relentless in her growing obsession with the actress. She gained access to two of the victim’s social media news feeds by portraying an attractive marine named Giovanni. Soon she began to comment on every picture, as well as on the social media posts of the victim's friends and family, which raised the victim's suspicions. Giovanni was soon blocked from accessing the victim’s social media, and that’s when Cassandra started making threats by email, phone call, and letter. As summarized by the Federal Bureau of Investigations News (2017), “From the beginning of 2016 until late April, the victim received more than 900 phone calls and text messages on her cell phone alone. Approximately the same amount of unwanted calls were made to the victim’s home and work phones before the FBI ended the stalking.” Cassandra Cruz was good at what she did, as she had several fake social media accounts and deceived the FBI for months in an ongoing investigation. Finally, Cassandra was caught in a video chat that confirmed she was the stalker, as well as discussing a $100,000 extortion demand from the victim. The FBI officially took her down at the meet-up for this supposed $100,000 demand. One thing to note from the article on the case is that even on her way to jail she was completely fixated on and infatuated with this random victim, which goes to show that virtually anyone can be a cyber stalker. However, the numbers do not lie: according to figures released by the U.S. Department of Justice, only 23% of stalkers identified by females were strangers, which is why it is equally important in the age of information to secure private credentials and not overshare on social media, even with people you “know”.
It is hard to say how cyber stalking can be prevented, due to the many different avenues that can be used to obtain information on the victim (social media, email, phone calls, in person). The best way to prevent this type of attack is simply to be aware and investigate anything unusual. The biggest warning signs are getting an add from a person you do not recognize, unwanted emails from someone who claims they know you, or someone who is persistent and will not take no for an answer. Measures that can be instituted to mitigate cyber stalking would be not oversharing on the internet, using a different email for social media accounts, password complexity, privacy settings, and searching for yourself online to see what information comes up.
An SQL injection is an attack on a website in which the attacker injects structured query language (SQL) code into a web form input box to gain access to web resources or to change information. The fifth and final case study presented for this portfolio project is an SQL injection attack which took place against Barracuda Networks on April 11th, 2011. As summarized by Acunetix (2011), what was ironic is that Barracuda, the company that advocates security through its own Web Application Firewall, fell victim to the most common and oldest type of attack against web servers – the blind SQL injection attack. Barracuda is a major developer of web application firewalls, which are designed to stop this type of attack from occurring. The reason the attack occurred was that the firewall for Barracuda was unintentionally turned off for a couple of hours. Because of this attack, thousands of confidential customer and employee records were stolen. To regain their customers' trust, they explained how the attack happened, and said that no sensitive information was leaked. An independent study was done that proved this to be false, as 20,000 records were stolen, many of which were internal and privileged usernames and passwords. The attackers were never found and prosecuted for this case; however, the company's integrity suffered a great deal with the massive cover up that followed the attack.
What went wrong in this case study is that Barracuda Networks should never have “unintentionally” shut off their firewall. Furthermore, they should have had more than one security control implemented on their network infrastructure, to help mitigate and possibly prevent attacks such as these. Appropriate privileges, firewall updates and patches, and input validation are all organizational measures that should be implemented to help mitigate an SQL injection attack.
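The point about having more than one security control can be shown in the application code itself. The following is an added example, not taken from the original essay or from Barracuda's systems: a form lookup built by string concatenation beside a hardened version that combines input validation with a parameterized query (the latter is an addition to the measures the essay lists). The table, column names and sample rows are constructed.

```python
import re
import sqlite3

def make_db():
    """Build a small in-memory table of constructed sample records."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT)")
    db.executemany(
        "INSERT INTO customers (email) VALUES (?)",
        [("alice@example.com",), ("bob@example.com",), ("carol@example.com",)],
    )
    return db

def lookup_vulnerable(db, email):
    # 'Before': the form input is pasted into the SQL text, so quote
    # characters in the input change the structure of the query itself.
    query = "SELECT email FROM customers WHERE email = '" + email + "'"
    return [row[0] for row in db.execute(query)]

# Allow-list of the characters a submitted e-mail address may contain.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}")

def lookup_hardened(db, email, validate=True):
    # Control 1: input validation rejects anything that is not address-shaped.
    if validate and not EMAIL_RE.fullmatch(email):
        raise ValueError("rejected: not a well-formed e-mail address")
    # Control 2: a parameterized query passes the value as data, never as
    # SQL text, so it still holds when control 1 is switched off.
    query = "SELECT email FROM customers WHERE email = ?"
    return [row[0] for row in db.execute(query, (email,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # textbook input that turns the filter into a tautology
    print(lookup_vulnerable(db, crafted))                # every row comes back
    print(lookup_hardened(db, crafted, validate=False))  # no rows
    print(lookup_hardened(db, "bob@example.com"))        # the one matching row
```

With validation switched off, the hardened lookup still returns nothing for the crafted input, which is the layering the paragraph above asks for: the loss of one control should not expose the database.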
The principles of cyber security course is a great class for learning corporate level cyber security and how it applies to enterprise level organizations. Key learnings in this course started with cyberstalking, fraud, and abuse, and how they could be used either in the workplace or in personal lives. This section outlined the different types of cyber fraud and abuse, and how they can be avoided when securing an enterprise. The next key learnings in this course were denial of service, malware, and hacker techniques. In this section, the denial of service attack was outlined and ways to prevent it were provided. Malware was discussed in this section, which is an important term for cyber security professionals to know because it is our job to prevent it. Hacker techniques presented in this section included online and information systems techniques, as well as social engineering and physical techniques.
The next section and key learning was industrial espionage. Since espionage is one of the worst crimes that can be committed, and is a real life issue in corporations, it is relevant for cyber security professionals to be aware of the epidemic. This section taught us what industrial espionage is, how to prevent it, and why it is still being used illegally by many government and military agencies today. Encryption and computer security technology are the next key learnings, which covered encryption types, why encryption is necessary, and ways to encrypt information. Computer security technology included different technologies used for computer security such as firewalls, patching and updating, passwords, and much more.
Network scanning and security policies were the next key learnings in the course, which introduced how and why to scan networks, as well as the security policies an organization at an enterprise level should implement. These include many different policies, ranging from acceptable use policies to internet security policies. The last key learnings in this course included cyber terrorism, information warfare, and detection and computer forensics. Cyber terrorism and information warfare are often used by nations, militaries, or organized criminal cyber groups to cause harm to others or to spread disinformation to help a political agenda. The last key learnings from this course on management of cyber security within an enterprise are cyber crime detection and computer forensics. This section goes through how to detect incidents, and what to do when completing a computer forensic investigation. This includes the steps, software, chain of command, and different government agencies involved when completing an investigation.
In conclusion, this cyber security course has taught many major fundamentals needed by cyber security professionals working at an enterprise level. This portfolio project outlined five case studies on cyber crimes committed today. Identity theft, phishing email scams, SQL injection attacks, cyber stalking, and denial of service (DoS) are all relevant cyber attacks that can affect virtually anyone today. In this project the case studies were presented, as well as how each situation could have been avoided and what company policies and procedures to implement to mitigate these types of attack. The last part of the portfolio project was the key learning outcomes for managing cyber security within an enterprise setting. These key learnings I will be taking with me, and applying as a cyber security professional.
Cyber Crime Case Studies. (2022, Aug 22). Retrieved from https://studymoose.com/cyber-crime-case-studies-essay