With the increased use of the internet, there has been a corresponding increase in cyber crime from criminals who are seeking either financial gains or other advantages for example military. The frequency of these attacks is very high and the levels of sophistication used are great . This makes it difficult for many organizations to determine new threats, their risk factors and ways of dealing with the menace (Cetron, et al, 2009). Many times it is difficult for the organizations to determine which attacks to deal with first and how to allocate resources to deal with them.
In the commercial sector, attacks on electronic financial transactions have resulted in great financial losses and corresponding reductions in user confidence. Electronic transactions consist of funds transfers, data interchange, trade confirmations and benefits transfers. Many crimes that occur have plagued the industry for years like theft, service denial, extortion demands or fraud. Technology has however; greatly magnified the ability of major crimes to be committed in a matter of seconds. Electronic security is an industry that is growing and becoming globalised.
This industry offers services in the categories of assessment, access and utilization. To demonstrate the severity of attacks on April, 2009, Chinese and Russian spies managed to infiltrate the United States of America electrical grid and inserted disruptive software into the system (Cetron, et al, 2009). An attack which occurred prior to this one on September 2008 would have caused the collapse of the global economy were it not for intervention. Unidentified hackers robbed the lucrative American financial market accounts a total of five hundred and fifty million dollars in a little less than two hours.
If the accounts would not have been closed by the Treasury Department they would have lost almost six trillion dollars. This would have caused the global economy to collapse in approximately twenty four hours. One security threat is phishing. Phishing involves the acquisition of sensitive information like passwords, credit card details, usernames and pin numbers. It makes its presentation as being a legal entity. The unsuspecting victims are lured by receiving communications which purport to be from a popular website or payment processors. It is usually done through instant messaging services or emails (Shu-Min & Shann-Bin, 2006).
These communications directs the users to enter their details at a fraudulent website which bears a great semblance to the authentic one. Phishing attacks were observed on two popular brands which provide payment services for banks globally in the United States of America in February 2010. The fraudsters created phishing sites in English and other languages, the most popular being French. These websites targeted customers by sending spam mails with the subject proving the card number and claiming that there was a risk of fraudulent transactions taking place. This attack was created using two types of phishing websites.
The first utilised Uniform Resource Locators which were created with domain names with many top level domain variants. The most popular domain which was utilised was . cz which represented the Czech Republic. Upon entering their sensitive information into a card holder page for the false verification, the page redirected to the real website. The second attack utilised Uniform Resource Locators with Internet Protocol domains which were hosted on servers based in the United States (Glaessner, 2002). The Uniform Resource Locators strings were very long, typically with more than seven hundred characters.
The pages asked for sensitive data but had an auto signed debit card or credit card number. This auto signing was done by placing stolen numbers of cards obtained from earlier attacks on the form. Upon receipt of information the page was redirected to a blank page. Cross site scripting is a form of phishing that occurs in programs or websites that allow user input. If the input data is not properly sanitized the program may then process thee input or execute the codes which the original program was not to do. This has been used to redirect users to fake websites.
Users are advised not to click on suspicious links in emails and to check the Uniform Resource Locators of the website to authenticate brands. It is also advised that one should type the brand domain name directly into the browser address instead of following links. The use of security software has also been recommended. Pharming involves redirecting the redirection of websites traffic and taking it to a false website. Pharming is done by either converting the hosts file on the victims computer or exploiting Domain Name Systems servers software (Basu, 2009).
These Domain Names Systems servers main task is to convert internet names to their real addresses. A compromised server therefore does not direct traffic to legitimate websites. Highly vulnerable sites of compromised are near internet leaves. If wrong entries on a computers host file are made it results in circumvention of name lookup using its own name to Internet Protocol mapping, this makes it a popular target for malware. Once it is rewritten a user can be redirected to a fake copy. The better targets for pharming are desktop computers as they receive poor administration in comparison to most other internet services.
Host file compromises can compromise the network router. Many routers specify Domain Name Systems to clients on the network and wrong information here spoils the entire local area network. A compromise in routers is very hard to detect. Pharming also occurs by infecting the victims computer with malware or a virus. This causes the redirection of a website to a fake one. An unsuspecting user may enter information site unaware. To avoid pharming, users are advised to search for details that prove that the website is authentic. Typing the sites address into the browser bar also offers some protection.
Use of an antivirus to reduce virus infiltration into the computers is also recommended. Vigilance is important in warding off attacks. Trojan horses are also a great threat to internet security. Trojan horses present themselves as valuable software which is available for downloading on the internet. This fools many people into downloading the virus in the presumption that it is another application. A Trojan horse is usually separated into parts which are the client and the server. The client is usually disguised as important software and is situated in some sharing networks like peer to peer or uncertified websites for downloads.
As soon as the client Trojan is executed in the computer, the attacker who is the person operating the server has great control over the computer and can destroy it depending on his purpose. The spread of the Trojan horse virus can occur through email attachments using various spamming techniques. Malware creators spread the virus through chat software like Skype and Yahoo Messenger. The virus may also infect other machines by distributing copies of itself to those in the address book of the infected computer. There are many types of Trojan horses.
Remote access Trojans give attackers complete control of he victims computer and access to any information stored in the files. Password Trojans copy all passwords and look for passwords as they are keyed into a computer and send them to a certain email address. Key loggers log the keystrokes used by victims and send the log information to the attacker and can be configured to online and offline modes of recording. Destructive Trojans cause destructions to files and deletes them completely from infected computers. They are able to delete all system files of a computer (Basu, 2009).
While there are other types of Trojans not mentioned here, it should be noted that a Trojan may work with a combination of some of the functionalities explained. To best avoid a Trojan hose virus attack, one should open email attachments or files received from strange senders. Installing and updating an antivirus program is also helpful. For secure electronic online transactions certain criteria have to be addressed and met. There must be secure access control which determines who has access to a system and be able to deny access to intruders. Proper authentication of users and message integrity must also be established.
Privacy of the parties involved must also be safeguarded and maintained (Shu-Min & Shann-Bin, 2006). Non-repudiation must be ensured where the sender cannot deny (falsely) sending a message. The use of online signatures has also been manipulated to commit fraud. Electronic signatures are a recognized electronic way of showing that a person has accepted the contents of a message sent electronically. These signatures are increasingly being used in electronic commerce and have evolved into digitized signatures which are encrypted and more secure than a simple electronic signature.
While they are themselves subject to fraud the purpose of their creation was to combat fraud (Hansen, 1995). Electronic signatures are based on legal principles which have to be understood by the institutions which wish to use it. The use of digital signatures is a code that authenticates the origins of a document. A well done electronic signature causes the signer to be uniquely identified. It also causes the document to be locked using encryption technology and is electronically stamped throughout the process with time and date. It also stores the document for access without fear of being lost or its existence denied.
The security of electronic financial transactions can also be enhanced by the use of digital certificates against phishing and pharming. To avoid manipulation of transactions in signature based online banking, utility of Class-3 electronic card readers should be explored. Virus scanners should be used to protect from Trojan horses. Care when downloading software should be exercised. With the mass adoption of technology, countries around the world are increasingly using technological based solutions to address their needs and carry out their functions.
The use of the internet has created a highly competitive market. While cyber crime has not infiltrated or integrated itself equally in many countries it is an industry that is growing very fast and deserves much global attention (Shu-Min & Shann-Bin, 2006). As earlier discussed, it has the potential of destroying whole markets and creating great havoc. Attempts to control cyber crime have not been concerted. Many challenges have arisen in trying to control this threat. Technology is a fast changing and cyber crime has achieved very high levels of sophistication.
Cyber criminals have designed malware which are virtually undetectable and are difficult to diagnose. It has proved challenging to design and keep up with these creations (Glaessner, 2002). Due to the high levels of vulnerability to cyber attacks there is an urgent need to formulate clear policies. These policies should include guidelines on how to cyber crime is to be dealt with. This should include coming up with laws that will outline prosecution of cyber criminals due to the potential of these criminals to create damage and go unpunished and detected.
Users of the internet and the various services it offers should also assume personal responsibility for their own safety (Cetron, et al, 2009). Studies have shown that the human factor is largely the cause of the success of cyber crime rather than advancements in technology. In the United States, despite various public campaigns on internet security, people continue to be reckless with their personal information. This leaves them very vulnerable to attacks by cyber criminals. Predictions have been made that incidences of cyber crime will continue to increase. Users should therefore be very vigilant in monitoring their information.
Software to combat cyber crime is available and users should take the initiative to acquire this software to alert them of suspicious websites or claims. They should also regularly update their software like antivirus which is highly dynamic due to the creation of new viruses and malware that occurs at a very high rate (almost daily). In conclusion, electronic financial transactions have created great savings in terms of financial savings for both providers and users and reduced the wastage of time. The use of this technology has correspondingly exposed its users newer forms of crime and every effort must be made to combat cyber crime.