COMPUTER CRIME

What is Computer Crime?

Computer crime or computer related crime or technology crime, are

descriptions commonly used interchangeably to refer to any illegal act
committed by

a) An individual
b) A group of persons or
c) A company

Computer Crime is largely known as CYBERCRIME

Cybercrime, the use of a computer as an instrument to further illegal ends,

such as committing fraud, child trafficking, pornography and intellectual
property, stealing identities, or violating privacy. Cybercrime, especially
through the Internet, has grown in importance as the computer has become
central to commerce, entertainment, and government.

Types of Computer Crimes

They include and not limited to:-

 Child pornography - Making, distributing, storing, or viewing child

pornography.

 Click fraud - Fraudulent clicks on Internet advertisements.

 Copyright violation - Stealing or using another person's Copyrighted

material without permission.

 Cracking - Breaking or deciphering codes designed to protect data.

 Cyber terrorism - Hacking, threats, and blackmailing towards a

business or person.

 Cyberbully or cyberstalking - Harassing or stalking others online.

 Cybersquatting - Setting up a domain of another person or company

with the sole intention of selling it to them later at a premium price.
1
 Creating malware - Writing, creating, or distributing malware (e.g.,
viruses and spyware.)

 Data diddling - Computer fraud involves intentionally falsifying

numbers in data entry.

 Denial of Service attack - Overloading a system with so many requests

it cannot serve normal requests.

 Data theft - Stealing others' personal or confidential information.

 Doxing - Releasing another person's personal information without their

permission.

 Espionage - Spying on a person or business.

 Fake - Products or services that are not real or counterfeit. For

example, fake antivirus and fake technical support are examples of
something fake.

 Fraud - Manipulating data, e.g., changing banking records to transfer

money to an account or participating in credit card fraud.

 Green graffiti - Graffiti done through projectors or lasers to project an

image or message onto a building.

 Harvesting - Collect account or account-related information on other

people.

 Human trafficking - Participating in the illegal act of buying or selling

other humans.

 Identity theft - Pretending to be someone you are not.

 Illegal sales - Buying or selling illicit goods online, including drugs,

guns, and psychotropic substances.

 Intellectual property theft - Stealing practical or conceptual information

developed by another person or company.

 IPR violation - An intellectual property rights violation is any

infringement of another's Copyright, patent, or trademark.

2
 Phishing or vishing - Deceiving individuals to gain private or personal
information about that person.

 Pig butchering - SMS (short message service) scam to get people to

invest in a cryptocurrency scam.

 Ransomware - Infecting a computer or network with ransomware that

holds data hostage until a ransom is paid.

 Salami slicing - Stealing tiny amounts of money from each transaction.

 Scam - Tricking people into believing something that is not true.

 Sextortion - Extortion where a victim's private data of a sexual nature

is acquired illegally by another person.

 Slander - Posting libel or slander against another person or company.

 Software piracy - Copying, distributing, or using software not

purchased by the software user.

 Spamming - Distributed unsolicited e-mails to dozens or hundreds of

different addresses.

 Spoofing - Deceiving a system into thinking you are someone you're

not.

 Swatting - The act of calling in a false police report to someone else's

home.

 Theft - Stealing or taking anything (e.g., hardware, software, or

information) that doesn't belong to you.

 Typo squatting - Setting up a domain that is a misspelling of another

domain.

 Unauthorized access - Gaining access to systems you have no

permission to access.

 Vandalism - Damaging any hardware, software, website, or other

objects.

3
  Wiretapping - Connecting a device to a phone line to listen to
conversations

HACKING

Hacking is the act of compromising digital devices and networks by gaining

unauthorized access to an account or computer system.

Attackers aim to gain unauthorized access to networks and computers, often

for monetary gain or espionage purposes

History of Hacking

Early hacking was more in line with ethical hacking. In the 1960s,
engineering students used the term to indicate various methods of
optimizing machines and systems to increase their efficiency.

Into the 1960s and 1970s, the term's use evolved into a more computational
and tech-related context. And by 1975, a more formalized definition of
hacking was adopted by The Jargon File (a dictionary of terms used by
computer programmers) as “A malicious meddler who tries to discover
sensitive information by poking around. Hence password hacker, network
hacker”.

By this time, the word “hacker” was associated with cybercrime, often
described as “security hacker”. It wasn't before the late 1980s when the first
Internet hacker, Robert Morris, deployed the first ever “denial of service”
attack due to a fault in the code. Otherwise known as the Morris Worm of
1986, the incident was intended to highlight security vulnerabilities but
inadvertently caused extensive damage that lasted for several days.

Types of Hackers

 White Hat Hackers: Also known as ethical hackers, these individuals

use their skills to identify vulnerabilities in systems and networks in

4
 order to improve security. They work legally and with permission to
help organizations strengthen their defenses against cyber threats.

 Black Hat Hackers: These hackers engage in unauthorized activities

with malicious intent. They may steal data, disrupt systems, or cause
harm for personal gain, financial profit, or simply to create chaos.

 Grey Hat Hackers: Grey hat hackers fall somewhere in between white
hat and black hat hackers. They may engage in hacking activities
without explicit permission but not necessarily for malicious purposes.
They may, for example, expose security flaws without causing harm,
but their actions still violate ethical and legal standards.

 Script Kiddies: These are individuals with limited technical skills who
use readily available tools and scripts to launch attacks without fully
understanding the underlying mechanisms. They often seek attention
or cause damage for the sake of mischief.

 Hacktivists: Hacktivists use hacking techniques to promote social or

political causes. They may deface websites, leak sensitive information,
or disrupt services to raise awareness or protest against perceived
injustices.

 State-Sponsored Hackers: These hackers are employed or supported

by governments to conduct cyber espionage, sabotage, or other cyber
operations for political, economic, or military purposes.

 Cybercriminals: Cybercriminals operate for financial gain, engaging in

activities such as identity theft, fraud, ransomware attacks, and selling
stolen data on the dark web.

Types of Hacking

 Malware Attacks

Malicious software, also known as malware, that infects a system and

spreads without the user's knowledge or consent, damaging files, stealing
data, or gaining unauthorised access.
5
  Ransomware Attacks

Ransomware is an advanced form of malware that encrypts the victim's data

and demands a ransom payment to effectively release and restore access to
the files or system.

 Phishing Attacks

Phishing is the fraudulent attempt to capture sensitive information (such as

passwords, login credentials, or financial data) by pretending to be a
legitimate or trustworthy entity via email, phone, or website.

 Brute Force Attacks

A brute force attack is a trial-and-error method threat actors use to crack

passwords or encryption keys by systematically trying every possible
combination until the correct one is found. It can be time-consuming but is
often effective against weak or simple passwords.

 Man-in-the-Middle Attacks

Otherwise known as data eavesdropping, MitM is the interception and

alteration of communications between two parties to steal sensitive data or
confidential information or carry out damaging actions.

 SQL Injection Attacks

Exploiting vulnerabilities in web applications that use SQL databases to steal

or manipulate data by inserting malicious code into a SQL statement.

 Distributed Denial-of-Service Attacks

Otherwise known as DDoS attacks, this activity involves overwhelming a

target system or network with traffic or requests to cause service disruption
or outage.

 Zero-Day Exploits

6
Exploiting software applications or computer systems vulnerabilities that are
unknown to the vendor or users to gain unauthorised access or cause
damage.

 Cross-Site Scripting (XSS) Attacks

Exploiting weaknesses in web apps to inject malicious scripts into the

webpage viewed by users to steal data or perform unauthorised actions.

 Session Hijacking

Similar to MitM attacks, session hijacking involves stealing an active session

token or cookie to gain unauthorised access to a user's account or computer
system.

 Credential Reuse Attacks

Using stolen or leaked login credentials (usually obtained through phishing,

password attacks, or physical means) to gain unauthorised access to other
accounts or systems.

 DNS Tunneling

Using Domain Network System (DNS) protocols to bypass security measures

and exfiltrate data from a target network of interest.

Identity theft and Credit Card Fraud

Identity Theft and Computers

This typically happens in one of two ways. First, identity thieves might
access private information directly from someone's computer by installing
spyware. Spyware is software that sends information from your computer to
another without your knowledge or consent.

Identity theft, also known as identity fraud, is a crime in which an imposter

obtains key pieces of personally identifiable information (PII), such as Social
Security or driver's license numbers, to impersonate someone else

Online identity theft is a crime in which an attacker uses fraud or deception

to obtain personal or sensitive information from a victim and misuses it to

7
act in the victim's name. Usually, perpetrators of such crimes are motivated
by their own economic gain.

Credit Card Fraud

Credit card fraud is a form of identity theft that involves an unauthorized

taking of another's credit card information for the purpose of charging
purchases to the account or removing funds from it.

Credit card fraud occurs when a third party takes your credit card
information to make purchases or steal funds. In the past, this usually
happened when someone stole the physical credit card from you. However,
thanks to today's online purchases and web databases, your card
information alone can lead to identity theft

Credit card numbers can be stolen without your knowledge. Until you spot a
fraudulent charge on your monthly statement, you may have no idea your
information has been stolen. Credit cards can be stolen in a variety of
ways: Through theft of a physical card, via data breaches, by card skimmers.

Ethical concerns related to credit cards and credit card fraud:

1. Privacy and Data Security: Credit card companies and financial

institutions collect vast amounts of personal and financial data from
cardholders. Ethical considerations arise around how this data is
collected, stored, and protected from unauthorized access and misuse.
Companies have an ethical obligation to safeguard cardholder
information and maintain robust security measures to prevent data
breaches and fraud.

2. Trust and Integrity: Consumers trust credit card companies and

merchants to handle their financial information securely and ethically.
Any breach of this trust, whether through negligence, fraud, or other
unethical practices, can damage the reputation and integrity of the
companies involved. Maintaining trust and transparency is essential for
fostering long-term relationships with customers.

8
3. Fairness and Accountability: Credit card fraud can result in financial
losses for both cardholders and merchants. Ethical considerations arise
around how these losses are distributed and who bears responsibility
for fraudulent transactions. While consumers are typically protected
from liability for unauthorized transactions, businesses may suffer
financial losses or damage to their reputation as a result of fraudulent
activity.

4. Customer Service and Support: Ethical considerations extend to

how credit card companies and financial institutions handle reports of
fraud and support affected customers. Prompt and effective response
to fraud reports, timely resolution of disputes, and providing adequate
support to affected individuals are essential for upholding ethical
standards and maintaining customer satisfaction.

5. Regulatory Compliance: Credit card companies and financial

institutions are subject to various laws and regulations governing data
security, fraud prevention, and consumer protection. Ethical
considerations include ensuring compliance with these regulations, as
well as upholding ethical principles beyond legal requirements to
promote fair and responsible business practices.

6. Social Responsibility: Credit card fraud can have broader societal

implications, such as funding criminal activities, fueling organized
crime, and contributing to economic instability. Ethical considerations
include taking proactive measures to prevent fraud, collaborate with
law enforcement agencies to combat financial crime, and contribute to
initiatives aimed at improving cybersecurity and fraud prevention
efforts.

7. Education and Awareness: Ethical considerations also involve

educating consumers about how to protect themselves from credit
card fraud, recognize potential scams, and take preventive measures
to safeguard their financial information. Credit card companies and
financial institutions have a responsibility to provide resources, tools,

9
 and guidance to help consumers make informed decisions and mitigate
the risk of fraud.

Laws that rule the use of the Web

The statutory regime regulating the use of the internet in Kenya comprises of
the following statutes; the Kenya Information and Communications Act and
the Data Protection Act.

These laws govern issues such as data protection, cybercrime, and the
regulation of internet service providers

CASE STUDY

1. Examine the function of Kenya information and Communication Act

and enumerate key areas omitted by the act.

2. The Equifax data breach refers to a significant cyber-attack that

occurred in 2017, targeting Equifax Inc., one of the largest credit
reporting agencies in the United States. The breach resulted in the
exposure of sensitive personal information belonging to approximately
147 million individuals, making it one of the largest data breaches in
history.

Instruction to the learner: watch the video Equifax data breach

Link: https://youtu.be/g6sb6LhO0U4?si=XoBTKjoSuIIa8VtD

Explain the ethical issues highlighted in the Equifax data breach and
their implications.

10