Recent Cybercrimes: UniCredit Bank and British Airways Data Breach
VerifiedAdded on 2023/06/04
|42
|11271
|487
AI Summary
This report discusses recent cybercrimes including UniCredit Bank and British Airways data breach. It highlights the impact of cybercrime on banks and how they are taking measures to prevent it. The report also discusses the negligence of banks in taking proper security measures and tightening them whenever necessary. It concludes with the fines that companies can face in case of a data breach.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
qwertyuiopasdfghjklzxcvbnmqwe
rtyuiopasdfghjklzxcvbnmqwertyu
iopasdfghjklzxcvbnmqwertyuiopa
sdfghjklzxcvbnmqwertyuiopasdfg
hjklzxcvbnmqwertyuiopasdfghjkl
zxcvbnmqwertyuiopasdfghjklzxcv
bnmqwertyuiopasdfghjklzxcvbnm
qwertyuiopasdfghjklzxcvbnmqwe
rtyuiopasdfghjklzxcvbnmqwertyu
iopasdfghjklzxcvbnmqwertyuiopa
sdfghjklzxcvbnmqwertyuiopasdfg
hjklzxcvbnmqwertyuiopasdfghjkl
zxcvbnmqwertyuiopasdfghjklzxcv
Cybercrime-Research and Discussion
Research and Discussion on recent Cybercrimes
rtyuiopasdfghjklzxcvbnmqwertyu
iopasdfghjklzxcvbnmqwertyuiopa
sdfghjklzxcvbnmqwertyuiopasdfg
hjklzxcvbnmqwertyuiopasdfghjkl
zxcvbnmqwertyuiopasdfghjklzxcv
bnmqwertyuiopasdfghjklzxcvbnm
qwertyuiopasdfghjklzxcvbnmqwe
rtyuiopasdfghjklzxcvbnmqwertyu
iopasdfghjklzxcvbnmqwertyuiopa
sdfghjklzxcvbnmqwertyuiopasdfg
hjklzxcvbnmqwertyuiopasdfghjkl
zxcvbnmqwertyuiopasdfghjklzxcv
Cybercrime-Research and Discussion
Research and Discussion on recent Cybercrimes
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Cybercrime-Research and Discussion
Crime-Case 1
Hackers Breach 400,000 UniCredit Bank Accounts for Data
Last year, around mid-year, during last week of July, UniCredit, which is one of the Italy’s
famous and reputed banks, was reported to be the victim of a major cyber-attack that cost the
bank theft of data for approximately 400 thousand bank customers. The information related to
biographical data and loans had been stolen from the banking security of 400 thousand clients.
The intruders hacked the system and started the process of stealing data around mid-June and
carried out the process till next month until it was finally discovered by the end week of the
month of July.
A statement was issued by the CEO of the Advantage Financial, Francesco Confuorti, “An
Italian bank has been attacked for the first time in history and no stones will be left unturned to
prevent the loss of confidence. Banks will review their IT Systems from scratch and make all
necessary amendments”
An outside company, employed by the bank helped Hackers to compromise UniCredit
customer’s accounts. Several anomalies were found by the IT department during conduct of
checks which reported that few members from the external company partners are accessing
personal data of bank’s customers. The reason that the act was not caught for long duration of
more than a month is the huge amount of data associated and a difficult IT landscape.
After the attack was discovered, it was immediately blocked by UniCredit, all breaches were
sealed and systems were upgraded. It has been reported that UniCredit invested more than 3
billion euros on strengthening and upgrading of its IT systems against all kind of possible threats.
1
Crime-Case 1
Hackers Breach 400,000 UniCredit Bank Accounts for Data
Last year, around mid-year, during last week of July, UniCredit, which is one of the Italy’s
famous and reputed banks, was reported to be the victim of a major cyber-attack that cost the
bank theft of data for approximately 400 thousand bank customers. The information related to
biographical data and loans had been stolen from the banking security of 400 thousand clients.
The intruders hacked the system and started the process of stealing data around mid-June and
carried out the process till next month until it was finally discovered by the end week of the
month of July.
A statement was issued by the CEO of the Advantage Financial, Francesco Confuorti, “An
Italian bank has been attacked for the first time in history and no stones will be left unturned to
prevent the loss of confidence. Banks will review their IT Systems from scratch and make all
necessary amendments”
An outside company, employed by the bank helped Hackers to compromise UniCredit
customer’s accounts. Several anomalies were found by the IT department during conduct of
checks which reported that few members from the external company partners are accessing
personal data of bank’s customers. The reason that the act was not caught for long duration of
more than a month is the huge amount of data associated and a difficult IT landscape.
After the attack was discovered, it was immediately blocked by UniCredit, all breaches were
sealed and systems were upgraded. It has been reported that UniCredit invested more than 3
billion euros on strengthening and upgrading of its IT systems against all kind of possible threats.
1
Cybercrime-Research and Discussion
An audit has already been started by the company and UniCredit is planning to file complain
against the external business partner. Every possible step is being undertaken to strengthen and
upgrade the digital infrastructure and IT systems while maintaining a track of adjustment
requirements.
An emergency response team was created by Central bank and Italian Bank’s Association to
check the situation and to reinforce economic cyber security. The team is also working to prepare
against every possible malware attack which might hit in future. The major point of discussion is
to secure the customer’s data stored in the database from all kind of cyber-crimes as hackers may
damage it completely and make it un-usable that will corrupt all information regarding
customer’s money data.
The other measures taken by the bank to deal with the cybercrime is by charting own bank data
life cycle. The bank is keeping a watch on data’s life cycle i.e. how the data is being collected,
how the data is stored and finally how it is accessed and additional protection on the data which
is more sensitive than others. Providing a vigilant access to the data which has to accessed on
regular basis and a more secure and limited access memory location for the data that need not be
accessed on regular basis, also a secure disposition of data, which is no longer usable.
Monthly basis security check preformation has also been planned. To apply this data risk
security advisor who has experience in cyber-crimes has been appointed. It is expected that data
risk security advisor will help in discovering weak areas and timely measured could be taken for
that. It is responsibility of the management team to make sure that all the recommendations have
been carried out and progress has been made. Technology and security are different things and
often the mistake of hiring one single team to perform both tasks results in disasters. It is
2
An audit has already been started by the company and UniCredit is planning to file complain
against the external business partner. Every possible step is being undertaken to strengthen and
upgrade the digital infrastructure and IT systems while maintaining a track of adjustment
requirements.
An emergency response team was created by Central bank and Italian Bank’s Association to
check the situation and to reinforce economic cyber security. The team is also working to prepare
against every possible malware attack which might hit in future. The major point of discussion is
to secure the customer’s data stored in the database from all kind of cyber-crimes as hackers may
damage it completely and make it un-usable that will corrupt all information regarding
customer’s money data.
The other measures taken by the bank to deal with the cybercrime is by charting own bank data
life cycle. The bank is keeping a watch on data’s life cycle i.e. how the data is being collected,
how the data is stored and finally how it is accessed and additional protection on the data which
is more sensitive than others. Providing a vigilant access to the data which has to accessed on
regular basis and a more secure and limited access memory location for the data that need not be
accessed on regular basis, also a secure disposition of data, which is no longer usable.
Monthly basis security check preformation has also been planned. To apply this data risk
security advisor who has experience in cyber-crimes has been appointed. It is expected that data
risk security advisor will help in discovering weak areas and timely measured could be taken for
that. It is responsibility of the management team to make sure that all the recommendations have
been carried out and progress has been made. Technology and security are different things and
often the mistake of hiring one single team to perform both tasks results in disasters. It is
2
Cybercrime-Research and Discussion
generally not advisable to have one team to perform both duties i.e. to handle technology data
and to secure this data. An information security officer has been appointed by the UniCredit for
this purpose whose job is to report to the administrators to endure visibility and momentum.
Each representative of the association must be instructed on the purposes of introduction to
dangers and the methods on protecting any upcoming threat and if any staff members notices any
kind of anomaly than it must be reported immediately to the concerned person. Month to month
updates must be the obligation of ISO with the goal that it turns into a daily practice for
representatives to be alarm. Introduction to internet based life inside the banks must be
exceptionally restricted or be totally prematurely ended as dangers are bound to oversharing via
web-based networking media, for instance if an architect posts about her involvement with
particular switches, firewalls and OS, she is unwittingly mapping the system for potential
aggressor.
Passwords related to business transactions must be changed a few times in a year and it ought to
be a decent mix of capitals, letters, lowercase and numbers. Gatecrashers, like every single other
seeker will have a go at assaulting its weakest prey. All the security forms must be strong to the
point that programmers need to search for some other casualty.
Introduction and Thesis
Most of the cybercrimes that has been discussed in this report are related to banks which clearly
show that fraudsters are making attempts to transfer money directly from the accounts. The
common reason that the attack occurred in first place, in all the cases seems to be the negligence,
the negligence for taking proper security measures and tightening them whenever necessary, the
3
generally not advisable to have one team to perform both duties i.e. to handle technology data
and to secure this data. An information security officer has been appointed by the UniCredit for
this purpose whose job is to report to the administrators to endure visibility and momentum.
Each representative of the association must be instructed on the purposes of introduction to
dangers and the methods on protecting any upcoming threat and if any staff members notices any
kind of anomaly than it must be reported immediately to the concerned person. Month to month
updates must be the obligation of ISO with the goal that it turns into a daily practice for
representatives to be alarm. Introduction to internet based life inside the banks must be
exceptionally restricted or be totally prematurely ended as dangers are bound to oversharing via
web-based networking media, for instance if an architect posts about her involvement with
particular switches, firewalls and OS, she is unwittingly mapping the system for potential
aggressor.
Passwords related to business transactions must be changed a few times in a year and it ought to
be a decent mix of capitals, letters, lowercase and numbers. Gatecrashers, like every single other
seeker will have a go at assaulting its weakest prey. All the security forms must be strong to the
point that programmers need to search for some other casualty.
Introduction and Thesis
Most of the cybercrimes that has been discussed in this report are related to banks which clearly
show that fraudsters are making attempts to transfer money directly from the accounts. The
common reason that the attack occurred in first place, in all the cases seems to be the negligence,
the negligence for taking proper security measures and tightening them whenever necessary, the
3
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Cybercrime-Research and Discussion
negligence for properly addressing the breaches or application of special authentication services
which could help in preventing the fraud in first place.
2018 shows no sign that cybercrimes are going to slow down in times ahead. To prevent and
handle this new crime agency is emerging who is working on inexpensive tools and capability of
immense benefits promoted through detailed hacking outrages inside the media. Over this,
hacking instruments and methods are expanding in modernity and availability. These
consolidated variables have prompted a blasting digital crime economy. For example, ransom
ware alone was a US$1 billion (£740 million) industry a year ago.
In the upcoming years we can realize more crypto jacking activity. Its rapidly increasing value is
the cause for its rising popularity. In year 2017, just in a day, Connections that were blocked by
Malware bytes rose to 11 million and still increasing.
Strikingly, crypto-mining has obscured the lines between regular web clients and digital
lawbreakers. It's presently conceivable that individual mining cryptographic money is doing as
such for their very own monetary profit, focusing on guests to their very own web properties.
This standard could prompt a mass appropriation of crypto-mining as a genuine type of online
income creation, and could even wind up supplanting promoting now and again.
Nonetheless, the biggest segment of crypto-jacking is probably going to happen from authentic
sites bargained to mine money to extend a criminal's pockets. While digital lawbreakers are
expanding in modernity, sluggishness will unquestionably factor into choosing their identity
going to target. Eventually, digital crooks will keep on focusing on the most straightforward
endpoints to enter.
4
negligence for properly addressing the breaches or application of special authentication services
which could help in preventing the fraud in first place.
2018 shows no sign that cybercrimes are going to slow down in times ahead. To prevent and
handle this new crime agency is emerging who is working on inexpensive tools and capability of
immense benefits promoted through detailed hacking outrages inside the media. Over this,
hacking instruments and methods are expanding in modernity and availability. These
consolidated variables have prompted a blasting digital crime economy. For example, ransom
ware alone was a US$1 billion (£740 million) industry a year ago.
In the upcoming years we can realize more crypto jacking activity. Its rapidly increasing value is
the cause for its rising popularity. In year 2017, just in a day, Connections that were blocked by
Malware bytes rose to 11 million and still increasing.
Strikingly, crypto-mining has obscured the lines between regular web clients and digital
lawbreakers. It's presently conceivable that individual mining cryptographic money is doing as
such for their very own monetary profit, focusing on guests to their very own web properties.
This standard could prompt a mass appropriation of crypto-mining as a genuine type of online
income creation, and could even wind up supplanting promoting now and again.
Nonetheless, the biggest segment of crypto-jacking is probably going to happen from authentic
sites bargained to mine money to extend a criminal's pockets. While digital lawbreakers are
expanding in modernity, sluggishness will unquestionably factor into choosing their identity
going to target. Eventually, digital crooks will keep on focusing on the most straightforward
endpoints to enter.
4
Cybercrime-Research and Discussion
Because of an absence of subsidizing, instructive establishments' IT frameworks are regularly
under-secured and they frequently come up short on the assets to shield themselves if an assault
were to happen. To a digital criminal that is the meaning of an obvious objective.
References
Edward, R., & Sirletti, S. (2017, July). Hackers Breach 400,000 UniCredit Bank Accounts for
Data. Bloomberg. Retrieved from https://www.bloomberg.com/news/articles.
Kerner, S. (2017, Feb 7). Sentry MBA Uses Credential Stuffing To Hack Sites. p. 8.
Coffman, H. (2017). The 414 Gang Strikes Again. Time. p. 75.
Nathan, J. (2017). At Microsoft, Interlopers Sound Off on Security. The New York Times
Retrieved from http://www.timesonline.co.uk.
Ramon, Y., & Ray, H. (2017). The Growing Hacking Threat to Websites: An Ongoing
Commitment to Web Application Security. The Journal of the Frost & Sullivan. 13(3-4),
147-148
Yagoda, K. (2017). The Hacker Crackdown. McLean, Virginia. IndyPublish.com. p. 61.
5
Because of an absence of subsidizing, instructive establishments' IT frameworks are regularly
under-secured and they frequently come up short on the assets to shield themselves if an assault
were to happen. To a digital criminal that is the meaning of an obvious objective.
References
Edward, R., & Sirletti, S. (2017, July). Hackers Breach 400,000 UniCredit Bank Accounts for
Data. Bloomberg. Retrieved from https://www.bloomberg.com/news/articles.
Kerner, S. (2017, Feb 7). Sentry MBA Uses Credential Stuffing To Hack Sites. p. 8.
Coffman, H. (2017). The 414 Gang Strikes Again. Time. p. 75.
Nathan, J. (2017). At Microsoft, Interlopers Sound Off on Security. The New York Times
Retrieved from http://www.timesonline.co.uk.
Ramon, Y., & Ray, H. (2017). The Growing Hacking Threat to Websites: An Ongoing
Commitment to Web Application Security. The Journal of the Frost & Sullivan. 13(3-4),
147-148
Yagoda, K. (2017). The Hacker Crackdown. McLean, Virginia. IndyPublish.com. p. 61.
5
Cybercrime-Research and Discussion
Crime-Case 2
Data Breach of British Airways Customers in a Massive Cyber-attack
In the month of September, this year, British Airways became a victim to a massive cyber-attack
that compromised the personal data of approximately 3, 80,000 customers related to credit card
details. It has been confirmed by the authorized officials that hackers had stolen sufficient details
which can be used to make a fraudulent payment such as: Expiry Dates, Credit Card Numbers,
Names and CVV code. The victim customers were the one who booked the flight using BA
(British Airways) app between August 21 and September 5.
The breach was noticed by the third party whose name has not been disclosed by the BA but it
believed to be some other airline company who has been victim to same kind of hacking. In a
statement given by the spokesperson of BA it has been said that breach has been sealed and issue
is now closed and a thorough investigation is going on as a matter of urgency.
The total number of customers affected by the security breach has been reported to be around 3,
80,000. The bookings which were made outside the 15 day timeframe have reported to be
unaffected. Only the bookings that were made directly using BA website or app were affected.
Any bookings made with the help of travel agents remained unaffected. Also, passengers who
booked their BA flights using other third party websites such as Iberia, American Airlines or Aer
Lingus were not affected by the breach.
With the information stolen, frauds can range for a number of options such as making online
purchases to data selling to criminals who can in turn clone the cards and use it for future use
under the name of original owner. The British Airline stressed on the part that any theft of
6
Crime-Case 2
Data Breach of British Airways Customers in a Massive Cyber-attack
In the month of September, this year, British Airways became a victim to a massive cyber-attack
that compromised the personal data of approximately 3, 80,000 customers related to credit card
details. It has been confirmed by the authorized officials that hackers had stolen sufficient details
which can be used to make a fraudulent payment such as: Expiry Dates, Credit Card Numbers,
Names and CVV code. The victim customers were the one who booked the flight using BA
(British Airways) app between August 21 and September 5.
The breach was noticed by the third party whose name has not been disclosed by the BA but it
believed to be some other airline company who has been victim to same kind of hacking. In a
statement given by the spokesperson of BA it has been said that breach has been sealed and issue
is now closed and a thorough investigation is going on as a matter of urgency.
The total number of customers affected by the security breach has been reported to be around 3,
80,000. The bookings which were made outside the 15 day timeframe have reported to be
unaffected. Only the bookings that were made directly using BA website or app were affected.
Any bookings made with the help of travel agents remained unaffected. Also, passengers who
booked their BA flights using other third party websites such as Iberia, American Airlines or Aer
Lingus were not affected by the breach.
With the information stolen, frauds can range for a number of options such as making online
purchases to data selling to criminals who can in turn clone the cards and use it for future use
under the name of original owner. The British Airline stressed on the part that any theft of
6
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Cybercrime-Research and Discussion
passport details of the customers has not been reported which means that no connectivity has
been found related to customer’s planned dates away from home and its name and address.
The nature and pattern of the fraud stresses on the idea that it all happened during final stage of
making payment while booking a flight using BA app. Though, bank does not want to
investigate the nature or pattern of fraud, it is more interested in checking what kind of details
has been stolen.
Stephanie Jowers, is one of the customers, who booked the flight within hacking timeframe, and
became victim as her card was charged with a heavy amount and she did not had any idea till
then that her card has been compromised. When she contacted BA, she was informed that
amount will be refunded within 3-4 days and none other explanation was given to her. Later she
got the news of hacking through social media. Mr. Cruz, Chairman at British Airways, spoken in
an interview that all affected customers have been contacted and they will be compensated as
soon. He promised that none of the customer will suffer any financial loss due to the data breach.
It has been reported that BA can be fined more than 500 million euros due to compromised data
of the customers which is according to law makes BA faulty for not able to secure their system
as needed. Various regulators are in conversation over data breach which includes The
Information Commissioner's Office, The National Cyber Security Center and The National
Crime Agency.
The data breach at British Airways took after the introduction of the new act related to Data
Protection and it even includes the provisions of new European GDPR.As per the new rules, the
fine company has to pay in case of breach of data is 17 million euros or four percent of the yearly
turnover, whichever is greater out of two.
7
passport details of the customers has not been reported which means that no connectivity has
been found related to customer’s planned dates away from home and its name and address.
The nature and pattern of the fraud stresses on the idea that it all happened during final stage of
making payment while booking a flight using BA app. Though, bank does not want to
investigate the nature or pattern of fraud, it is more interested in checking what kind of details
has been stolen.
Stephanie Jowers, is one of the customers, who booked the flight within hacking timeframe, and
became victim as her card was charged with a heavy amount and she did not had any idea till
then that her card has been compromised. When she contacted BA, she was informed that
amount will be refunded within 3-4 days and none other explanation was given to her. Later she
got the news of hacking through social media. Mr. Cruz, Chairman at British Airways, spoken in
an interview that all affected customers have been contacted and they will be compensated as
soon. He promised that none of the customer will suffer any financial loss due to the data breach.
It has been reported that BA can be fined more than 500 million euros due to compromised data
of the customers which is according to law makes BA faulty for not able to secure their system
as needed. Various regulators are in conversation over data breach which includes The
Information Commissioner's Office, The National Cyber Security Center and The National
Crime Agency.
The data breach at British Airways took after the introduction of the new act related to Data
Protection and it even includes the provisions of new European GDPR.As per the new rules, the
fine company has to pay in case of breach of data is 17 million euros or four percent of the yearly
turnover, whichever is greater out of two.
7
Cybercrime-Research and Discussion
The global turnover of the company British Airways, as reported by the year end 31st December
2017, is around 12.2 billion which means that according to new rules if ICO takes proper action
against the company it can be fined for a total amount of 500 million euros. At present ICO is
concerned with another data breach case at Dixons Carphone. The spokesperson at BA said that
they are co-operating with all the pertinent regulators subsequent the breach of data.
A video message surfaced online which stated that the breach is now in control and website is
working all fine. Security systems have been tightened and it is believed that any kind of threat
in the future will be detected before it could affect systems. The spokesperson has also requested
victim customers to look out for any unusual activity on their bank accounts.
On 11th September, 2018, a cyber-security firm blamed Magecart, a persistent and sophisticated
hacking group, for the data breach against U.S. largest airline, British Airways. Magecart,
reportedly carried out a series of wide-ranging digital credit-card cloning campaigns during early
months of this year. Hacker’s group set besieged infrastructure to get mixed with the website of
BA and managed to avoid any detection for 15 days long period.
Although it is not possible to know exactly how far the hackers were able to get into the systems
and what kind of data is actually they have stolen but it is clear that they were able to modify a
resource and get access to the systems substantially and they might have gained access to the
systems long before actual attack implants a threat on online transactions and its vulnerability.
Introduction and Thesis
The common relation between all four crime cases has found to be that we push the updates to
the back burner. In present times it is not good to underestimate the power of a hacker. A good
hacker can crack 2/3rd of the passwords within few minutes that exists on the online systems in
8
The global turnover of the company British Airways, as reported by the year end 31st December
2017, is around 12.2 billion which means that according to new rules if ICO takes proper action
against the company it can be fined for a total amount of 500 million euros. At present ICO is
concerned with another data breach case at Dixons Carphone. The spokesperson at BA said that
they are co-operating with all the pertinent regulators subsequent the breach of data.
A video message surfaced online which stated that the breach is now in control and website is
working all fine. Security systems have been tightened and it is believed that any kind of threat
in the future will be detected before it could affect systems. The spokesperson has also requested
victim customers to look out for any unusual activity on their bank accounts.
On 11th September, 2018, a cyber-security firm blamed Magecart, a persistent and sophisticated
hacking group, for the data breach against U.S. largest airline, British Airways. Magecart,
reportedly carried out a series of wide-ranging digital credit-card cloning campaigns during early
months of this year. Hacker’s group set besieged infrastructure to get mixed with the website of
BA and managed to avoid any detection for 15 days long period.
Although it is not possible to know exactly how far the hackers were able to get into the systems
and what kind of data is actually they have stolen but it is clear that they were able to modify a
resource and get access to the systems substantially and they might have gained access to the
systems long before actual attack implants a threat on online transactions and its vulnerability.
Introduction and Thesis
The common relation between all four crime cases has found to be that we push the updates to
the back burner. In present times it is not good to underestimate the power of a hacker. A good
hacker can crack 2/3rd of the passwords within few minutes that exists on the online systems in
8
Cybercrime-Research and Discussion
today’s date. Passwords which are weak like consisting only of numbers, only of capitals must
not be used as they are too easy to be cracked. So negligence can found to be the only issue that
is common in all four crime cases which result the attack in first place.
Access to digital insight is essential for each association and government establishment so as to
know the rotations in the threat arrive alongside a comprehension of their introduction. This is
the restricted to stay one stage in front of programmers knowing the risk and remaining safe. In
the event that associations have known the conditions they would have officially gone for the
higher need Eternal Blue fixing.
Keeping up reinforcement of the information on the regular routine by adjusting some course of
events or methods to reestablish reinforcement information as per the business coherence plan of
the association is a noteworthy hazard alleviation thought. Survey the affiliation's event response
and disaster status expects to affirm that they can without much of a stretch location rebuilding
from a payoff product event.
References
Beavers, O. (2018). Security firm blames hacking group for British Airways Cyber-attack, The
hill.com, Retrieved on 3rd October 2018, from https://thehill.com/policy/cybersecurity/405912-
security-firm-blames-hacking-group-for-british-airways-cyberattack.
Serena, N. (2018). British Airways hacking: Customers cancel credit cards as airline defends
handling of 'sophisticated' cyber-attack, Telegraph Reporters, The Telegraph News, Retrieved on
3rd October 2018, from https://www.telegraph.co.uk/news/2018/09/07/british-airways-hacking-
customers-cancel-credit-cards-airline.
9
today’s date. Passwords which are weak like consisting only of numbers, only of capitals must
not be used as they are too easy to be cracked. So negligence can found to be the only issue that
is common in all four crime cases which result the attack in first place.
Access to digital insight is essential for each association and government establishment so as to
know the rotations in the threat arrive alongside a comprehension of their introduction. This is
the restricted to stay one stage in front of programmers knowing the risk and remaining safe. In
the event that associations have known the conditions they would have officially gone for the
higher need Eternal Blue fixing.
Keeping up reinforcement of the information on the regular routine by adjusting some course of
events or methods to reestablish reinforcement information as per the business coherence plan of
the association is a noteworthy hazard alleviation thought. Survey the affiliation's event response
and disaster status expects to affirm that they can without much of a stretch location rebuilding
from a payoff product event.
References
Beavers, O. (2018). Security firm blames hacking group for British Airways Cyber-attack, The
hill.com, Retrieved on 3rd October 2018, from https://thehill.com/policy/cybersecurity/405912-
security-firm-blames-hacking-group-for-british-airways-cyberattack.
Serena, N. (2018). British Airways hacking: Customers cancel credit cards as airline defends
handling of 'sophisticated' cyber-attack, Telegraph Reporters, The Telegraph News, Retrieved on
3rd October 2018, from https://www.telegraph.co.uk/news/2018/09/07/british-airways-hacking-
customers-cancel-credit-cards-airline.
9
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Cybercrime-Research and Discussion
Buchanan, B. (2018). 2018British Airways Hack: This Is How Companies Shouldn't Handle
Data Breaches, The Conversation on September 10, Retrieved on 3rd October 2018, from
https://www.inverse.com/article/48827-british-airways-data-hack.
Crime-Case 3
Hackers Stole $6 Million in Cyber Attack on SWIFT System: Russian Central
Bank
Russian Central bank became the victim of a major cyber-attack which resulted in the loss of
approximately 4.8 million euros (339.5 million roubles in Russian currency) to the bank. On 16th
February, 2018 country's central bank admitted the attack and reported that the act has been
carried out using global payment network SWIFT. The attack was carried out last year in the
month of December, but it was admitted only in February this year.
The authorized persons of Central Bank defined this cyber-attack as a classic-scheme, which was
apparently uncovered at the base of a write about computerized robberies in the Russian
10
Buchanan, B. (2018). 2018British Airways Hack: This Is How Companies Shouldn't Handle
Data Breaches, The Conversation on September 10, Retrieved on 3rd October 2018, from
https://www.inverse.com/article/48827-british-airways-data-hack.
Crime-Case 3
Hackers Stole $6 Million in Cyber Attack on SWIFT System: Russian Central
Bank
Russian Central bank became the victim of a major cyber-attack which resulted in the loss of
approximately 4.8 million euros (339.5 million roubles in Russian currency) to the bank. On 16th
February, 2018 country's central bank admitted the attack and reported that the act has been
carried out using global payment network SWIFT. The attack was carried out last year in the
month of December, but it was admitted only in February this year.
The authorized persons of Central Bank defined this cyber-attack as a classic-scheme, which was
apparently uncovered at the base of a write about computerized robberies in the Russian
10
Cybercrime-Research and Discussion
managing an account segment. As per the report, the national bank said it was sent data with
respect to "one effective assault on the work place of a Swift framework administrator".
A spokesperson from the bank told the media that one of the country’s central bank was hacked
and taken in control to carry out the process and then by the help of SWIFT payment facility
hackers were able to transfer millions of roubles into their accounts. It was also said that it had
been sent data around "one fruitful assault on the working environment of a SWIFT framework
administrator" without naming the establishment included.
With this attack, memories of a previous Bangladesh attack evoked which took place by similar
means of SWIFT payment in the year 2016 which resulted in the loss of 81 million US dollars. It
doesn’t mean that SWIFT payments are not secure. It is used by more than 12000 institutes in
more than 200 countries over the globe and is accountable for trillions of euros transfer on daily
basis. SWIFT’s own spokesperson said in an interview that its own data systems have never been
attacked or ever part of any cyber-crime.
As per the report by Security Week Organization, hackers could have used easily available tools
such as Mimikatz, Empire, Cobalt Strike and Metasploit to achieve their goals. To caution
“These kind of attacks and threats threaten the stability of our financial institutions” cyber-
security strategist at Juniper Networks, Nick Bilogorskiy said that “they should fill in as an
invitation to take action for universal law requirement collaboration on shielding our worldwide
money related frameworks. Nick also said that, generally hackers groups ensues two methods to
carry out the attack either SWIFT wire transfers or ATM jackpotting. The other major reasons
for these kinds of attacks are the interconnectivity of all financial institutions and banks which
makes all money and data vulnerable to hacks and this is the reason that helps international
11
managing an account segment. As per the report, the national bank said it was sent data with
respect to "one effective assault on the work place of a Swift framework administrator".
A spokesperson from the bank told the media that one of the country’s central bank was hacked
and taken in control to carry out the process and then by the help of SWIFT payment facility
hackers were able to transfer millions of roubles into their accounts. It was also said that it had
been sent data around "one fruitful assault on the working environment of a SWIFT framework
administrator" without naming the establishment included.
With this attack, memories of a previous Bangladesh attack evoked which took place by similar
means of SWIFT payment in the year 2016 which resulted in the loss of 81 million US dollars. It
doesn’t mean that SWIFT payments are not secure. It is used by more than 12000 institutes in
more than 200 countries over the globe and is accountable for trillions of euros transfer on daily
basis. SWIFT’s own spokesperson said in an interview that its own data systems have never been
attacked or ever part of any cyber-crime.
As per the report by Security Week Organization, hackers could have used easily available tools
such as Mimikatz, Empire, Cobalt Strike and Metasploit to achieve their goals. To caution
“These kind of attacks and threats threaten the stability of our financial institutions” cyber-
security strategist at Juniper Networks, Nick Bilogorskiy said that “they should fill in as an
invitation to take action for universal law requirement collaboration on shielding our worldwide
money related frameworks. Nick also said that, generally hackers groups ensues two methods to
carry out the attack either SWIFT wire transfers or ATM jackpotting. The other major reasons
for these kinds of attacks are the interconnectivity of all financial institutions and banks which
makes all money and data vulnerable to hacks and this is the reason that helps international
11
Cybercrime-Research and Discussion
groups of criminals to monetize these risks.
When the attack was made on Bangladesh Central Bank in 2016, SWIFT came up with an 18
page report that informed banks on the warnings related to the cyber-attacks. It informed about
the digital hackers growing sophistication level. In the report all new creative techniques which
are nowadays used by the attackers were listed such as deploying highly covert malware,
tampering with legitimate functionality to bypass two-factor authentication, manipulating
software in memory and gaining Administrator rights for operating systems.
In couple of years only, slew of banks have been the target of hackers where mode of payment
has found to be SWIFT. India’s City Union banl was targeted and whooping amount of 2 million
dollars was transferred using SWIFT and the accounts to which money was transferred was
reported to be from China, Turkey and Dubai.
An ISAC portal was also countered by SWIFT which acts as a Cyber-threat intelligence sharing
service. With the help of this service SWIFT customers can download attack Indicators of
Compromise, YARA rules and malware file hashes which will help protecting their systems
against these kinds of attacks. SWIFT stressed on practicing ‘in depth defense’ to each bank with
the combination of counter-measures, barriers and multiple layered cyber-defense components.
Natasha De Teran, is a spokesperson from SWIFT who stated that “we are open to assist anyone
who needs help regarding securing their environment. Any time any fraud is being reported,
proper and sufficient measures are undertaken to resolve the matter completely”.
Introduction and Thesis
12
groups of criminals to monetize these risks.
When the attack was made on Bangladesh Central Bank in 2016, SWIFT came up with an 18
page report that informed banks on the warnings related to the cyber-attacks. It informed about
the digital hackers growing sophistication level. In the report all new creative techniques which
are nowadays used by the attackers were listed such as deploying highly covert malware,
tampering with legitimate functionality to bypass two-factor authentication, manipulating
software in memory and gaining Administrator rights for operating systems.
In couple of years only, slew of banks have been the target of hackers where mode of payment
has found to be SWIFT. India’s City Union banl was targeted and whooping amount of 2 million
dollars was transferred using SWIFT and the accounts to which money was transferred was
reported to be from China, Turkey and Dubai.
An ISAC portal was also countered by SWIFT which acts as a Cyber-threat intelligence sharing
service. With the help of this service SWIFT customers can download attack Indicators of
Compromise, YARA rules and malware file hashes which will help protecting their systems
against these kinds of attacks. SWIFT stressed on practicing ‘in depth defense’ to each bank with
the combination of counter-measures, barriers and multiple layered cyber-defense components.
Natasha De Teran, is a spokesperson from SWIFT who stated that “we are open to assist anyone
who needs help regarding securing their environment. Any time any fraud is being reported,
proper and sufficient measures are undertaken to resolve the matter completely”.
Introduction and Thesis
12
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Cybercrime-Research and Discussion
As I studied all the cyber-attacks written in the report, the common problem or reason why the
attack took place is “Optimism Biasness i.e. it will not happen to me”. Due to this even after
knowing that there are breaches in the security firms doesn’t care to tighten the security. I can
see in the report that banks did not cared to update their systems even after they were informed
by the security officer that this can be harmful. This is another reason that these kinds of attacks
take place.
As per the author of a book “Future Crimes: Everything Is Connected, Everyone Is Vulnerable,
And What We Can Do about It” Mr. Marc Goodman, these all cyber-attacks and all just a
beginning. The interconnectivity on internet which is for now 15 billion is predicted to be 200
billion by the year 2020 and this will make cyber-attacks more vulnerable. Mr. Barack Obama,
former U.S. president, said in an interview that we will need to think more and more if a solution
to the problem is needed.
Security Software providers are likely to be the target in upcoming years. Programmers will
misuse security items, by straightforwardly subverting the operator on the endpoint, or capturing
and diverting cloud activity.
These assaults will have a two dimensional impact. Right off the bat, by penetrating confided in
projects, programming and outsider providers’ aggressors can control gadgets and use their
situation to control clients. Furthermore, as these occasions wind up open learning, the client and
business impression of security programming, especially that of antivirus arrangements (AV),
will break down and may pick up a deceitful notoriety.
References
13
As I studied all the cyber-attacks written in the report, the common problem or reason why the
attack took place is “Optimism Biasness i.e. it will not happen to me”. Due to this even after
knowing that there are breaches in the security firms doesn’t care to tighten the security. I can
see in the report that banks did not cared to update their systems even after they were informed
by the security officer that this can be harmful. This is another reason that these kinds of attacks
take place.
As per the author of a book “Future Crimes: Everything Is Connected, Everyone Is Vulnerable,
And What We Can Do about It” Mr. Marc Goodman, these all cyber-attacks and all just a
beginning. The interconnectivity on internet which is for now 15 billion is predicted to be 200
billion by the year 2020 and this will make cyber-attacks more vulnerable. Mr. Barack Obama,
former U.S. president, said in an interview that we will need to think more and more if a solution
to the problem is needed.
Security Software providers are likely to be the target in upcoming years. Programmers will
misuse security items, by straightforwardly subverting the operator on the endpoint, or capturing
and diverting cloud activity.
These assaults will have a two dimensional impact. Right off the bat, by penetrating confided in
projects, programming and outsider providers’ aggressors can control gadgets and use their
situation to control clients. Furthermore, as these occasions wind up open learning, the client and
business impression of security programming, especially that of antivirus arrangements (AV),
will break down and may pick up a deceitful notoriety.
References
13
Cybercrime-Research and Discussion
Dogra, S. (2018). Hackers Stole $6 Million in Cyber Attack on SWIFT System: Russian
Central Bank, Retrieved on 3rd October 2018, from https://www.news18.com/news/tech/hackers-
stole-6-million-in-cyber-attack-on-swift-system-russian-central-bank-1662841.html
Pierluigi, P. (2018). Unknown hackers stole $6 million from a Russian bank via SWIFT system
last year, Retrieved on 3rd October 2018, from https://securityaffairs.co/wordpress/69159/cyber-
crime/russian-bank-swift-hack.html
Mascarenhas, H. (2018). Russia's central bank: Hackers stole $6m from local bank in 'classic
scheme' abusing Swift network, Retrieved on 3rd October 2018, from
https://www.ibtimes.co.uk/russias-central-bank-hackers-stole-6m-local-bank-classic-scheme-
abusing-swift-network-1662288.
Kovacs,E. (2018). Millions Stolen From Russian, Indian Banks in SWIFT Attacks, Retrieved on
3rd October 2018, from https://www.securityweek.com/millions-stolen-russian-indian-banks-
swift-attacks
Robinson, T. (2018). More than £4 million stolen from Russian central bank via SWIFT system,
Retrieved on 3rd October 2018, from https://www.scmagazineuk.com/4-million-stolen-russian-
central-bank-via-swift-system/article/1473235
Berry, N. (2018). Hackers stole $6 million in Russia bank attack via SWIFT system, Retrieved
on 3rd October 2018, from https://www.dw.com/en/hackers-stole-6-million-in-russia-bank-attack-
via-swift-system/a-42616207
14
Dogra, S. (2018). Hackers Stole $6 Million in Cyber Attack on SWIFT System: Russian
Central Bank, Retrieved on 3rd October 2018, from https://www.news18.com/news/tech/hackers-
stole-6-million-in-cyber-attack-on-swift-system-russian-central-bank-1662841.html
Pierluigi, P. (2018). Unknown hackers stole $6 million from a Russian bank via SWIFT system
last year, Retrieved on 3rd October 2018, from https://securityaffairs.co/wordpress/69159/cyber-
crime/russian-bank-swift-hack.html
Mascarenhas, H. (2018). Russia's central bank: Hackers stole $6m from local bank in 'classic
scheme' abusing Swift network, Retrieved on 3rd October 2018, from
https://www.ibtimes.co.uk/russias-central-bank-hackers-stole-6m-local-bank-classic-scheme-
abusing-swift-network-1662288.
Kovacs,E. (2018). Millions Stolen From Russian, Indian Banks in SWIFT Attacks, Retrieved on
3rd October 2018, from https://www.securityweek.com/millions-stolen-russian-indian-banks-
swift-attacks
Robinson, T. (2018). More than £4 million stolen from Russian central bank via SWIFT system,
Retrieved on 3rd October 2018, from https://www.scmagazineuk.com/4-million-stolen-russian-
central-bank-via-swift-system/article/1473235
Berry, N. (2018). Hackers stole $6 million in Russia bank attack via SWIFT system, Retrieved
on 3rd October 2018, from https://www.dw.com/en/hackers-stole-6-million-in-russia-bank-attack-
via-swift-system/a-42616207
14
Cybercrime-Research and Discussion
Stubbs, J. (2018). Russian Central Bank: Hackers Stole $6 Million in Attack on SWIFT System,
Retrieved on 3rd October 2018, from https://thewire.in/banking/russian-central-bank-hackers-
stole-6-million-in-attack-on-swift-system.
Crime-Case 4
Tesco Bank cyber-thieves stole £2.5m from 9,000 people
Tesco, a British retail Bank formed in the year 1997 and solely owned by Tesco plc became a
victim of cyber-attack where customer’s account data was compromised to steal the money.
Although this attack took place in the year 2016, but it has been picked as a recent crime studies
because FCA has recently declared a fine of 16 million euros to be paid by the bank. In a report
published by the official person’s at Tesco Bank, it was reported that an unparalleled attack has
been surfaced on the online accounts related to Tesco Bank’s customers that resulted in a loss of
huge amount of money i.e. approximately 2.5 million euros. Previously it was said that the total
number of victim customer’s whose accounts have been compromised is around 20,000 but in
the final report the number was mentioned to be around 9000.
The response to the attack was quick as all the online transactions were suspended for undefined
time in order to prevent any more attacking activity. As per the reports, Pin card payments, use
of chip, cashpoint withdrawals and direct debits were still permitted.
Initially it was not known what caused the attack and regulators and authorities promised to look
into the matter in deep and investigate the loop holes that helped this kind of ‘systemic and
sophisticated attack’. After a thorough investigation on the attack Security Pundits blamed
15
Stubbs, J. (2018). Russian Central Bank: Hackers Stole $6 Million in Attack on SWIFT System,
Retrieved on 3rd October 2018, from https://thewire.in/banking/russian-central-bank-hackers-
stole-6-million-in-attack-on-swift-system.
Crime-Case 4
Tesco Bank cyber-thieves stole £2.5m from 9,000 people
Tesco, a British retail Bank formed in the year 1997 and solely owned by Tesco plc became a
victim of cyber-attack where customer’s account data was compromised to steal the money.
Although this attack took place in the year 2016, but it has been picked as a recent crime studies
because FCA has recently declared a fine of 16 million euros to be paid by the bank. In a report
published by the official person’s at Tesco Bank, it was reported that an unparalleled attack has
been surfaced on the online accounts related to Tesco Bank’s customers that resulted in a loss of
huge amount of money i.e. approximately 2.5 million euros. Previously it was said that the total
number of victim customer’s whose accounts have been compromised is around 20,000 but in
the final report the number was mentioned to be around 9000.
The response to the attack was quick as all the online transactions were suspended for undefined
time in order to prevent any more attacking activity. As per the reports, Pin card payments, use
of chip, cashpoint withdrawals and direct debits were still permitted.
Initially it was not known what caused the attack and regulators and authorities promised to look
into the matter in deep and investigate the loop holes that helped this kind of ‘systemic and
sophisticated attack’. After a thorough investigation on the attack Security Pundits blamed
15
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Cybercrime-Research and Discussion
variously but the exact cause is still unknown. It has been believed that the reason could be
exploitation of a third-party supplier retail partner for the breach, an inside job or credential
surfing.
The attack was acknowledged as serious problem by the CEO at Financial Conduct Authority,
Andrew Bailey. He told MPs that in UK the act was unprecedented and has been considered as
most urgent matter to be resolved. Chief Executive at Tesco Bank, Mr. Benny Higgins, made an
apology to its customers by the statement “Customer’s privacy data and account data is our top-
most priority and we are trying our best to protect it, we are very sorry for all the inconvenience
that has caused due to the issue arisen”. Mr. Higgins further added a statement that “All the
online activities and transactions have been resolved to its normal routine and accounts affected
by the attack have been refunded with exact amounts”. It was also made sure in the report that
none of the private data related to customer’s name and address has been stolen.
Tesco assured that a thorough crime investigation is going on to detect the actual cause of the
attack. National Crime Agency is working with NCSC to look into the cyber-attack, as this
attack is believed to be largest in history. NCSC (National Cyber Security Centre) stated that
they will provide on request direct assistance to the company which will include on-site
assistance.
Bailey told in an interview that it is still too early to make any statement on the cause of attack
and it still need further urgent analysis. He also said that by the initial investigation attack could
have been related to debit cards and attackers looked for the weakness and entry point into the
customer’s bank accounts. Many theories surfaced about what caused the problem which
16
variously but the exact cause is still unknown. It has been believed that the reason could be
exploitation of a third-party supplier retail partner for the breach, an inside job or credential
surfing.
The attack was acknowledged as serious problem by the CEO at Financial Conduct Authority,
Andrew Bailey. He told MPs that in UK the act was unprecedented and has been considered as
most urgent matter to be resolved. Chief Executive at Tesco Bank, Mr. Benny Higgins, made an
apology to its customers by the statement “Customer’s privacy data and account data is our top-
most priority and we are trying our best to protect it, we are very sorry for all the inconvenience
that has caused due to the issue arisen”. Mr. Higgins further added a statement that “All the
online activities and transactions have been resolved to its normal routine and accounts affected
by the attack have been refunded with exact amounts”. It was also made sure in the report that
none of the private data related to customer’s name and address has been stolen.
Tesco assured that a thorough crime investigation is going on to detect the actual cause of the
attack. National Crime Agency is working with NCSC to look into the cyber-attack, as this
attack is believed to be largest in history. NCSC (National Cyber Security Centre) stated that
they will provide on request direct assistance to the company which will include on-site
assistance.
Bailey told in an interview that it is still too early to make any statement on the cause of attack
and it still need further urgent analysis. He also said that by the initial investigation attack could
have been related to debit cards and attackers looked for the weakness and entry point into the
customer’s bank accounts. Many theories surfaced about what caused the problem which
16
Cybercrime-Research and Discussion
included internal security breach. One of the members of Treasury select committee, Mr. Chris
Philip stated that “It is not possible to rule out the possibilities and it is all state-sponsored”
Few Months later the attack surfaced, a team of academics claimed that there were flaws in the
Visa card payment system of the company that helped the fraudsters to carry out the attack.
Students at Newcastle mentioned in a report that it would hardly take criminals 10 seconds to
work out on the card number, cvv code, expiry date for any Visa card payment system whether
debit or credit. They discussed about the technique involved in the procedure to be a complete
guess work. They said the purported "appropriated speculating assault" strategy they had
distinguished could bypass all the security highlights set up to shield online installments from
misrepresentation, and abused vulnerabilities at Visa – which has in excess of 500m cards
available for use in Europe alone – and several the world's greatest and most famous retail sites.
A few locales have changed their online security settings in light of the discoveries.
On this spokesperson from VISA stated that Newcastle did not included in their research
techniques which are connected to prevent payments fraud and it needs to be met in a particular
order to make a transaction possible in the real world.
Recently, on 1st October 2018, UK’s FCA i.e. Financial Conduct Authority declared that Tesco
Bank has been charged total amount of 16.4 million euros as punishment for inattention in
protecting customers’ accounts and data. It proves that there is no tolerance policy at FCA
regarding customer protection rights from any kind of risks. Executive Director at FCA stated
that the attack surfaced because Tesco neglected the warning and did not addressed it properly
and came into action only after the attack happened.
17
included internal security breach. One of the members of Treasury select committee, Mr. Chris
Philip stated that “It is not possible to rule out the possibilities and it is all state-sponsored”
Few Months later the attack surfaced, a team of academics claimed that there were flaws in the
Visa card payment system of the company that helped the fraudsters to carry out the attack.
Students at Newcastle mentioned in a report that it would hardly take criminals 10 seconds to
work out on the card number, cvv code, expiry date for any Visa card payment system whether
debit or credit. They discussed about the technique involved in the procedure to be a complete
guess work. They said the purported "appropriated speculating assault" strategy they had
distinguished could bypass all the security highlights set up to shield online installments from
misrepresentation, and abused vulnerabilities at Visa – which has in excess of 500m cards
available for use in Europe alone – and several the world's greatest and most famous retail sites.
A few locales have changed their online security settings in light of the discoveries.
On this spokesperson from VISA stated that Newcastle did not included in their research
techniques which are connected to prevent payments fraud and it needs to be met in a particular
order to make a transaction possible in the real world.
Recently, on 1st October 2018, UK’s FCA i.e. Financial Conduct Authority declared that Tesco
Bank has been charged total amount of 16.4 million euros as punishment for inattention in
protecting customers’ accounts and data. It proves that there is no tolerance policy at FCA
regarding customer protection rights from any kind of risks. Executive Director at FCA stated
that the attack surfaced because Tesco neglected the warning and did not addressed it properly
and came into action only after the attack happened.
17
Cybercrime-Research and Discussion
As per the reports of FCA, Principle 2 which states to exercise diligence, due skill and care was
neglected and breached by Tesco Bank due to which they did not configured any special
authentication and not applied any fraud detection rules. No proper measures were taken to
prevent frauds from happening. FCA plans to fine more heavily in case Tesco Bank do not
compensate immediately which can even rose to 33,562,400 euros.
Introduction and Thesis
After studying all the crime cases written in this report by my fellow mates it is clear that huge
amount of money is targeted when these kinds of attack takes place. In number of cases the
victim of the attack has been found to be banks. The reason is amount of money involved in the
attack and all the hacking process. Also, third party involvedness’ into the internal matters of the
company has left loopholes to hack the systems. In most of the cases attack was carried out by
some third party employees’ help who were able to gain the access to the part which they should
not be allowed so this shows the case of negligence.
Looking at the trend of cyber-crimes it feels that it is not going to stop anywhere in the near
future but there are sure chances that it will increase. The interconnectivity of almost everything
on the internet today is the reason for all this. The hackers are becoming more and smarter and
they are building different unique techniques almost on daily basis to attack systems internally
and in such a manner that it cannot be discovered for long.
Much all the more enticing is the free system of apparently boundless endpoints containing a
monstrous measure of restrictive information on understudies, workforce and guardians.
Customarily instructive organizations intentionally keep up open systems since they are all
things considered, a bastion of realizing which ought to enable free and simple access to data. As
18
As per the reports of FCA, Principle 2 which states to exercise diligence, due skill and care was
neglected and breached by Tesco Bank due to which they did not configured any special
authentication and not applied any fraud detection rules. No proper measures were taken to
prevent frauds from happening. FCA plans to fine more heavily in case Tesco Bank do not
compensate immediately which can even rose to 33,562,400 euros.
Introduction and Thesis
After studying all the crime cases written in this report by my fellow mates it is clear that huge
amount of money is targeted when these kinds of attack takes place. In number of cases the
victim of the attack has been found to be banks. The reason is amount of money involved in the
attack and all the hacking process. Also, third party involvedness’ into the internal matters of the
company has left loopholes to hack the systems. In most of the cases attack was carried out by
some third party employees’ help who were able to gain the access to the part which they should
not be allowed so this shows the case of negligence.
Looking at the trend of cyber-crimes it feels that it is not going to stop anywhere in the near
future but there are sure chances that it will increase. The interconnectivity of almost everything
on the internet today is the reason for all this. The hackers are becoming more and smarter and
they are building different unique techniques almost on daily basis to attack systems internally
and in such a manner that it cannot be discovered for long.
Much all the more enticing is the free system of apparently boundless endpoints containing a
monstrous measure of restrictive information on understudies, workforce and guardians.
Customarily instructive organizations intentionally keep up open systems since they are all
things considered, a bastion of realizing which ought to enable free and simple access to data. As
18
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Cybercrime-Research and Discussion
past assaults from this year appear, information robberies tend to focus on the most extravagant
information accessible, instructions frameworks - with an ideal blend of rich information and
piecemeal security – appear the in all probability focuses for 2018 digital assaults.
References
Abrams, L. (2018). Tesco Bank Fined £16 million by FCA for 2016 Cyber Attack, Security
News, Retrieved on 2nd October, 2018, from
https://www.bleepingcomputer.com/news/security/tesco-bank-fined-16-million-by-fca-for-2016-
cyber-attack/
Treanor, J. (2016). Tesco Bank cyber-thieves stole £2.5m from 9,000 people, The Guardian
News, Retrieved on 2nd October, 2018, from
https://www.theguardian.com/business/2016/nov/08/tesco-bank-cyber-thieves-25m
Shannon, L. (2016). Tesco Bank hack: How it happened and what you can do to protect your
account, the mail on Sunday, Retrieved on 2nd October, 2018, from
https://www.thisismoney.co.uk/money/saving/article-3930118/Tesco-Bank-hack-happened-
protect-account.html
Leyden, J. (2016). What went wrong at Tesco Bank?, The Register, Retrieved on 2nd October,
2018, from https://www.theregister.co.uk/2016/11/10/tesco_bank_breach_analysis/
Arnold, M. (2016). Cyber fraudsters expose vulnerabilities at Tesco Bank, Financial Times, and
Retrieved on 2nd October, from https://www.ft.com/content/9305f41c-a50f-11e6-8898-
79a99e2a4de6
19
past assaults from this year appear, information robberies tend to focus on the most extravagant
information accessible, instructions frameworks - with an ideal blend of rich information and
piecemeal security – appear the in all probability focuses for 2018 digital assaults.
References
Abrams, L. (2018). Tesco Bank Fined £16 million by FCA for 2016 Cyber Attack, Security
News, Retrieved on 2nd October, 2018, from
https://www.bleepingcomputer.com/news/security/tesco-bank-fined-16-million-by-fca-for-2016-
cyber-attack/
Treanor, J. (2016). Tesco Bank cyber-thieves stole £2.5m from 9,000 people, The Guardian
News, Retrieved on 2nd October, 2018, from
https://www.theguardian.com/business/2016/nov/08/tesco-bank-cyber-thieves-25m
Shannon, L. (2016). Tesco Bank hack: How it happened and what you can do to protect your
account, the mail on Sunday, Retrieved on 2nd October, 2018, from
https://www.thisismoney.co.uk/money/saving/article-3930118/Tesco-Bank-hack-happened-
protect-account.html
Leyden, J. (2016). What went wrong at Tesco Bank?, The Register, Retrieved on 2nd October,
2018, from https://www.theregister.co.uk/2016/11/10/tesco_bank_breach_analysis/
Arnold, M. (2016). Cyber fraudsters expose vulnerabilities at Tesco Bank, Financial Times, and
Retrieved on 2nd October, from https://www.ft.com/content/9305f41c-a50f-11e6-8898-
79a99e2a4de6
19
Cybercrime-Research and Discussion
Jones, R. (2016). Tesco Bank cyber-attack involved guesswork, study claims, The Guardian,
Retrieved on 2nd October, from https://www.theguardian.com/technology/2016/dec/02/tesco-
bank-cyber-attack-involved-simply-guessing-details-study-claims.
Crime-Case 5
Malware attack on Cosmos Bank
This cyber-crime case is just about one and half moth old when a banking sector of India was
shaken rudely after being attacked by the international hackers who were successful in siphoning
off 94.42 crores in Indian currency (more than 12 million USD) from the bank Cosmos
Cooperative Bank Ltd. The news came on 15 August, 2018 and ATM has been used as the
medium for withdrawing this large sum of money. ATM cards were swiped at different locations
that included almost 28 countries.
In a statement given to media by the top officials who include, Mr. Milind A. Kale, Chairman of
the India’s second oldest and second biggest cooperative bank in terms of financial set-up it has
been said that “None of the customer is at any kind of loss and all their monies are safe with the
bank”. They are approximately 2 million customers who have their accounts associated with the
bank. Mr. Kale has requested not to create any panic situation over the matter as it will be
resolved as a matter of urgency.
The attack has been carried out as a two day process and Cosmos bank has admitted the report.
An FIR has been lodged considering the seriousness of the matter. Mr. Vishwas Utagi, Banking
expert at Cosmos Bank said “this hack seems to be the trial project of the global attackers and
20
Jones, R. (2016). Tesco Bank cyber-attack involved guesswork, study claims, The Guardian,
Retrieved on 2nd October, from https://www.theguardian.com/technology/2016/dec/02/tesco-
bank-cyber-attack-involved-simply-guessing-details-study-claims.
Crime-Case 5
Malware attack on Cosmos Bank
This cyber-crime case is just about one and half moth old when a banking sector of India was
shaken rudely after being attacked by the international hackers who were successful in siphoning
off 94.42 crores in Indian currency (more than 12 million USD) from the bank Cosmos
Cooperative Bank Ltd. The news came on 15 August, 2018 and ATM has been used as the
medium for withdrawing this large sum of money. ATM cards were swiped at different locations
that included almost 28 countries.
In a statement given to media by the top officials who include, Mr. Milind A. Kale, Chairman of
the India’s second oldest and second biggest cooperative bank in terms of financial set-up it has
been said that “None of the customer is at any kind of loss and all their monies are safe with the
bank”. They are approximately 2 million customers who have their accounts associated with the
bank. Mr. Kale has requested not to create any panic situation over the matter as it will be
resolved as a matter of urgency.
The attack has been carried out as a two day process and Cosmos bank has admitted the report.
An FIR has been lodged considering the seriousness of the matter. Mr. Vishwas Utagi, Banking
expert at Cosmos Bank said “this hack seems to be the trial project of the global attackers and
20
Cybercrime-Research and Discussion
which encountered a successful run and this is a warning for the IT departments of every bank
which are interconnected to each other and the banking sector. In another interview Mr. Utagi
told the media that this kind of attack is first in the history and has never been faced before. The
way used to hack bank servers at the payment gateway levels and transfer of money before
anything could have been done to prevent the action is an attack on the security of nation. A
serious action must be taken by the RBI (Reserve Bank of India) regarding this and to ensure
protecting future risks.
To carry out the attack, some malware function has been used as the virus to hack the critical
communication system between various payment gateways. After the system hack was
successful the gangs of global hackers were informed about it and they started withdrawing
money using ATM cards. Total cards used at different locations of 28 countries have a count of
450. And each card has been used multiple times to siphon total amount of approximately 95
crores. The data related to cards such as Total number of transactions, their exact location, exact
timings and card numbers used has been retrieved by the bank which will aid help in further
investigation.
Although the information related to banks or ATM locations has not been disclosed to the media
viewing the sensitivity of the matter as it can jeopardize the probe. The investingation is being
undertaken by the Pune Cyber Crime Cell along with, Ms. Vaishali Galande, Crime Branch's
Inspector. In the FIR reported by the official persons at Cosmos it has been mentioned that the
attack has carried out on August 11, 2018 between 3 pm and 10 pm and on August 13, 2018
between 11.30 am and 9 pm which affected the headquarters on Ganeshkhind Road badly.
21
which encountered a successful run and this is a warning for the IT departments of every bank
which are interconnected to each other and the banking sector. In another interview Mr. Utagi
told the media that this kind of attack is first in the history and has never been faced before. The
way used to hack bank servers at the payment gateway levels and transfer of money before
anything could have been done to prevent the action is an attack on the security of nation. A
serious action must be taken by the RBI (Reserve Bank of India) regarding this and to ensure
protecting future risks.
To carry out the attack, some malware function has been used as the virus to hack the critical
communication system between various payment gateways. After the system hack was
successful the gangs of global hackers were informed about it and they started withdrawing
money using ATM cards. Total cards used at different locations of 28 countries have a count of
450. And each card has been used multiple times to siphon total amount of approximately 95
crores. The data related to cards such as Total number of transactions, their exact location, exact
timings and card numbers used has been retrieved by the bank which will aid help in further
investigation.
Although the information related to banks or ATM locations has not been disclosed to the media
viewing the sensitivity of the matter as it can jeopardize the probe. The investingation is being
undertaken by the Pune Cyber Crime Cell along with, Ms. Vaishali Galande, Crime Branch's
Inspector. In the FIR reported by the official persons at Cosmos it has been mentioned that the
attack has carried out on August 11, 2018 between 3 pm and 10 pm and on August 13, 2018
between 11.30 am and 9 pm which affected the headquarters on Ganeshkhind Road badly.
21
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Cybercrime-Research and Discussion
A professional forensic agency is also involved in the thorough investigation of the matter that is
expected to submit their report within a week. Generally, when a debit card payment is made,
Core Banking System receives it via Switching System but when the system was attacked using
malware, it created a proxy switch which helped to pass all the fraudulent payment approvals.
Recently news surfaced on the internet that National Payments Council of India (NCPI) has
blamed Cosmos own IT department and environment for the attack. Mr. Panchal, Head of Risk
Management department, said that NCPI systems and organization of umbrella which operates
settlement systems and retail payments in India are completely secured and Cosmos banks
transactions were under continuous surveillance.
According to latest reports on the case by Special Investigation Team it has been said that exact
locations in India has been located and most of them are from Maharashtra state. The attackers
has cloned the debit cards and used it to withdraw money from Pune-headquartered cooperative
bank. In India alone the withdrawal money was calculated to be 15 crores, rest of it was
withdrawn out of India. Except Maharashtra few of the locations have been found from Uttar
Pradesh and Madhya Pradesh in India.
22
A professional forensic agency is also involved in the thorough investigation of the matter that is
expected to submit their report within a week. Generally, when a debit card payment is made,
Core Banking System receives it via Switching System but when the system was attacked using
malware, it created a proxy switch which helped to pass all the fraudulent payment approvals.
Recently news surfaced on the internet that National Payments Council of India (NCPI) has
blamed Cosmos own IT department and environment for the attack. Mr. Panchal, Head of Risk
Management department, said that NCPI systems and organization of umbrella which operates
settlement systems and retail payments in India are completely secured and Cosmos banks
transactions were under continuous surveillance.
According to latest reports on the case by Special Investigation Team it has been said that exact
locations in India has been located and most of them are from Maharashtra state. The attackers
has cloned the debit cards and used it to withdraw money from Pune-headquartered cooperative
bank. In India alone the withdrawal money was calculated to be 15 crores, rest of it was
withdrawn out of India. Except Maharashtra few of the locations have been found from Uttar
Pradesh and Madhya Pradesh in India.
22
Cybercrime-Research and Discussion
Introduction and Thesis
Studying all articles written in the report there are three clear basic but essential similarities
which are: hackers demand that the agent must act ‘without any right’, ‘intentional commitment
of the act and most of the cases has originated from the same material act. The data interference
crime chastises the acts of suppression of computer data, alteration, deterioration, deletion and
damaging (Article 4). System interference crime chastises the acts of damaging, transmitting,
inputting or deteriorating of any data (Article 5). Computer related fraud chastises the acts of
deletion and alteration. With a little variation with every article most of the causes for the crime
related to cyber-attack is common.
Slight contrasts like the way that the wrongdoing of information obstruction does not anticipate
«input of data» or that the wrongdoing of framework obstruction foresee «transmitting» that isn't
anticipated by alternate wrongdoings, don't appear to be applicable. Most of the material
demonstrations which fall inside the lawful gauge of these wrongdoings are the equivalent.
Protection of data and money over internet is already a challenge in today’s time. The future of
deployment, aggregation of data, global sensor proliferation, large scale Radio Frequency
Identification (RFID) deployment, and highly personalized amplified facilities will need legally
bounded frameworks for the purpose of security and privacy. Damage caused by the attacks is
always immediate and thus very difficult to repair the causes. The major focus at this time is to
maintain reputation of the company. It is believed that the increasing use of multiple identities
with various scales of verify checks, anonymity and pseudonymity will give rise to innovative
tools and services related to management.
23
Introduction and Thesis
Studying all articles written in the report there are three clear basic but essential similarities
which are: hackers demand that the agent must act ‘without any right’, ‘intentional commitment
of the act and most of the cases has originated from the same material act. The data interference
crime chastises the acts of suppression of computer data, alteration, deterioration, deletion and
damaging (Article 4). System interference crime chastises the acts of damaging, transmitting,
inputting or deteriorating of any data (Article 5). Computer related fraud chastises the acts of
deletion and alteration. With a little variation with every article most of the causes for the crime
related to cyber-attack is common.
Slight contrasts like the way that the wrongdoing of information obstruction does not anticipate
«input of data» or that the wrongdoing of framework obstruction foresee «transmitting» that isn't
anticipated by alternate wrongdoings, don't appear to be applicable. Most of the material
demonstrations which fall inside the lawful gauge of these wrongdoings are the equivalent.
Protection of data and money over internet is already a challenge in today’s time. The future of
deployment, aggregation of data, global sensor proliferation, large scale Radio Frequency
Identification (RFID) deployment, and highly personalized amplified facilities will need legally
bounded frameworks for the purpose of security and privacy. Damage caused by the attacks is
always immediate and thus very difficult to repair the causes. The major focus at this time is to
maintain reputation of the company. It is believed that the increasing use of multiple identities
with various scales of verify checks, anonymity and pseudonymity will give rise to innovative
tools and services related to management.
23
Cybercrime-Research and Discussion
References
Narota, S and Sharma, J. (2018). Cosmos Bank's server hacked; Rs 94 crore siphoned off in 2
days, The Economic Times, Retrieved on 5th Oct 2018 from
https://economictimes.indiatimes.com/industry/banking/finance/banking/cosmos-banks-server-
hacked-rs-94-crore-siphoned-off-in-2-days/articleshow/65399477.cms
Agarwal, S. (2018). Cosmos Bank malware attack: ATMs used in India identified, says Pune
SIT, The Indian Express, Retrieved on 5th Oct 2018 from
https://indianexpress.com/article/cities/pune/cosmos-bank-malware-attack-atms-used-in-india-
identified-says-pune-sit-5316691/
Agarwal, A. (2018). NPCI Blames Cosmos Bank for Malware Attack, Indo-Asian News Service,
and Retrieved on 5th Oct 2018 from https://gadgets.ndtv.com/internet/news/npci-blames-cosmos-
bank-for-malware-attack-1901271
Gupta, R. (2018). Pune's Cosmos Bank loses Rs 94 Cr to cyber-attack, Retrieved on 5th Oct 2018
from https://tech.economictimes.indiatimes.com/news/corporate/punes-cosmos-bank-loses-rs-94-
cr-to-cyber-attack/65410241.
24
References
Narota, S and Sharma, J. (2018). Cosmos Bank's server hacked; Rs 94 crore siphoned off in 2
days, The Economic Times, Retrieved on 5th Oct 2018 from
https://economictimes.indiatimes.com/industry/banking/finance/banking/cosmos-banks-server-
hacked-rs-94-crore-siphoned-off-in-2-days/articleshow/65399477.cms
Agarwal, S. (2018). Cosmos Bank malware attack: ATMs used in India identified, says Pune
SIT, The Indian Express, Retrieved on 5th Oct 2018 from
https://indianexpress.com/article/cities/pune/cosmos-bank-malware-attack-atms-used-in-india-
identified-says-pune-sit-5316691/
Agarwal, A. (2018). NPCI Blames Cosmos Bank for Malware Attack, Indo-Asian News Service,
and Retrieved on 5th Oct 2018 from https://gadgets.ndtv.com/internet/news/npci-blames-cosmos-
bank-for-malware-attack-1901271
Gupta, R. (2018). Pune's Cosmos Bank loses Rs 94 Cr to cyber-attack, Retrieved on 5th Oct 2018
from https://tech.economictimes.indiatimes.com/news/corporate/punes-cosmos-bank-loses-rs-94-
cr-to-cyber-attack/65410241.
24
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Cybercrime-Research and Discussion
Crime-Case 6
Crypto Heist: Millions stolen from Japanese Crypto Exchange Zaif
In a statement released by Exchange, on 20th September 2018, Thursday, it has been reported that
Zaif crypto-currency has been attacked by the hackers and became the victim of a cybercrime.
The total money lost in the attack has been estimated to be 60 million USD. Some employees at
the company recognized suspicious activities going on with the platform at around 5 pm (local
time of Japan) on September 14, 2018. After that all kind of withdrawals and deposits was
suspended temporarily.
The Zaif crypto-currency exchange lost bitcoins in quantity 5966 along with Mona coin and
unspecified amounts of Bitcoin Cash. Out of the money stolen, a total of 2.3 billion belong to
company and rest of the remaining account has been siphoned from the customers’ accounts. The
Zaif crypto-currency exchange is one of the 16 which has been approved by Japan’s FSA and it
is operated by Tech Bureau. Zaif exchange has become the second to suffer major cyber-attack
in Japan after Coincheck who became the victim of similar kind of cyber-attack earlier this year
and lost 530 million USD worth NEM tokens. The Coincheck operations were resumed only
after the month of April and it soon acknowledged a buyout bid by the Monex Group.
It has been indicated by the Zaif exchange that it is planning to trade major part of the shares of
the exchange company for the purpose of some investment in order to cover the cost of the loss.
It clarified that it has achieved consent to pitch a noteworthy stake in the organization to Fisco, a
Japan-recorded organization for $44.5 million.
25
Crime-Case 6
Crypto Heist: Millions stolen from Japanese Crypto Exchange Zaif
In a statement released by Exchange, on 20th September 2018, Thursday, it has been reported that
Zaif crypto-currency has been attacked by the hackers and became the victim of a cybercrime.
The total money lost in the attack has been estimated to be 60 million USD. Some employees at
the company recognized suspicious activities going on with the platform at around 5 pm (local
time of Japan) on September 14, 2018. After that all kind of withdrawals and deposits was
suspended temporarily.
The Zaif crypto-currency exchange lost bitcoins in quantity 5966 along with Mona coin and
unspecified amounts of Bitcoin Cash. Out of the money stolen, a total of 2.3 billion belong to
company and rest of the remaining account has been siphoned from the customers’ accounts. The
Zaif crypto-currency exchange is one of the 16 which has been approved by Japan’s FSA and it
is operated by Tech Bureau. Zaif exchange has become the second to suffer major cyber-attack
in Japan after Coincheck who became the victim of similar kind of cyber-attack earlier this year
and lost 530 million USD worth NEM tokens. The Coincheck operations were resumed only
after the month of April and it soon acknowledged a buyout bid by the Monex Group.
It has been indicated by the Zaif exchange that it is planning to trade major part of the shares of
the exchange company for the purpose of some investment in order to cover the cost of the loss.
It clarified that it has achieved consent to pitch a noteworthy stake in the organization to Fisco, a
Japan-recorded organization for $44.5 million.
25
Cybercrime-Research and Discussion
After japan decided to accept and regulate crypto-currency, it almost became a hub to crypto-
currency activities. It is mandatory to implement FSA rules and policies which have been aimed
to protect customers and to prevent accidents like this. After the Coincheck attack took place,
FSA worked on strengthening its rules and policies. Few of the regulatory sweeps were
conducted and after that various improvements orders were issued by FSA to several crypto
operators in the country. Exchange Company Tech Bureau acknowledged an order on safety and
anti-money filtering in March. Tech Bureau said it has educated the experts of the assault and it
is been examined. Despite the fact that it didn't give a date for resumption of store/withdrawal
administrations, it guaranteed to repay casualties of the occurrence.
There was no itemized information regarding the attack was published by the officials at Zaif.
They declined to talk about it in details but assured that they are co-operating with the official
authorities in investigation. They stated that we do not want to comment anything about the
process carried out to make this attack happen and concerned authorities are investigating. After
a week an official statement was released by the exchange that a server malfunction was detected
by our IT department on 14th Sept, 2018 and next day it was confirmed that system has been
hacked.
After detecting the attack they contacted Treasury department and discussed the damage and
provided the details. At present they are working to strengthen the security and server re-building
so that normal operations such as withdrawing and depositing virtual currency could be resumed.
A sincere apology was also asked for all the inconveniences caused to the customers by this
attack.
26
After japan decided to accept and regulate crypto-currency, it almost became a hub to crypto-
currency activities. It is mandatory to implement FSA rules and policies which have been aimed
to protect customers and to prevent accidents like this. After the Coincheck attack took place,
FSA worked on strengthening its rules and policies. Few of the regulatory sweeps were
conducted and after that various improvements orders were issued by FSA to several crypto
operators in the country. Exchange Company Tech Bureau acknowledged an order on safety and
anti-money filtering in March. Tech Bureau said it has educated the experts of the assault and it
is been examined. Despite the fact that it didn't give a date for resumption of store/withdrawal
administrations, it guaranteed to repay casualties of the occurrence.
There was no itemized information regarding the attack was published by the officials at Zaif.
They declined to talk about it in details but assured that they are co-operating with the official
authorities in investigation. They stated that we do not want to comment anything about the
process carried out to make this attack happen and concerned authorities are investigating. After
a week an official statement was released by the exchange that a server malfunction was detected
by our IT department on 14th Sept, 2018 and next day it was confirmed that system has been
hacked.
After detecting the attack they contacted Treasury department and discussed the damage and
provided the details. At present they are working to strengthen the security and server re-building
so that normal operations such as withdrawing and depositing virtual currency could be resumed.
A sincere apology was also asked for all the inconveniences caused to the customers by this
attack.
26
Cybercrime-Research and Discussion
A number of money related pioneers today are occupied with digital currencies; however they
still exceptionally cautious with direct speculation with them because of the continuous news of
cryptographic money trade getting hacked by untouchables.
Japan has around 12% share of global Bitcoin currency trades and comes on second number after
USA. Before the attack Zaif’s position was ranked 35 amidst largest digital currency exchange in
the world based-on turnover rates.
Introduction and Thesis
According to the concept of Law human beings are assumed to be vulnerable and so rules are
needed to protect them similarly cyberspace is vulnerable and rules are needed to protect them
against thefts and hacking attacks. The common reasons that are applicable to all of the crimes
discussed here can be summarized as: Easy to access: The issue experienced in guarding a PC
framework from unapproved get to is that there is each probability of break not because of
human mistake but rather because of the unpredictable innovation. By covertly embedded
rationale bomb, key lumberjacks that can take get to codes, propelled voice recorders; retina
imagers and so on that can trick biometric frameworks and sidestep firewalls can be used to
move beyond numerous a security framework.
The second reason I could found is Loss of evidence: Loss of proof is an exceptionally basic and
clear issue as every one of the information are routinely decimated. Advance accumulation of
information outside the regional degree additionally incapacitates this arrangement of crime
examination.
The future of cyber-crime does not look anywhere near secure. Although new technologies are
emerging on daily basis to handle all possible kinds of flaws and breaches but still hackers are
27
A number of money related pioneers today are occupied with digital currencies; however they
still exceptionally cautious with direct speculation with them because of the continuous news of
cryptographic money trade getting hacked by untouchables.
Japan has around 12% share of global Bitcoin currency trades and comes on second number after
USA. Before the attack Zaif’s position was ranked 35 amidst largest digital currency exchange in
the world based-on turnover rates.
Introduction and Thesis
According to the concept of Law human beings are assumed to be vulnerable and so rules are
needed to protect them similarly cyberspace is vulnerable and rules are needed to protect them
against thefts and hacking attacks. The common reasons that are applicable to all of the crimes
discussed here can be summarized as: Easy to access: The issue experienced in guarding a PC
framework from unapproved get to is that there is each probability of break not because of
human mistake but rather because of the unpredictable innovation. By covertly embedded
rationale bomb, key lumberjacks that can take get to codes, propelled voice recorders; retina
imagers and so on that can trick biometric frameworks and sidestep firewalls can be used to
move beyond numerous a security framework.
The second reason I could found is Loss of evidence: Loss of proof is an exceptionally basic and
clear issue as every one of the information are routinely decimated. Advance accumulation of
information outside the regional degree additionally incapacitates this arrangement of crime
examination.
The future of cyber-crime does not look anywhere near secure. Although new technologies are
emerging on daily basis to handle all possible kinds of flaws and breaches but still hackers are
27
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Cybercrime-Research and Discussion
also becoming more and smarter and the rise of hacktivism in past few years gives a clear idea
for accumulative civil society engagement in issues related to administration of internet and
information security. It is foreseen that natives will require more noteworthy straightforwardness
and responsibility from their administration suppliers and governments, and independence over
their information.
References
Jones, K. (2018). $60 Billion Worth of Cryptocurrency Stolen in the Zaif Cyberheist, Hacker
Combat Community, Retrieved on 5th October 2018, from https://hackercombat.com/60-billion-
worth-of-cryptocurrency-stolen-in-the-zaif-cyberheist/
Harvey, W. (2018). Hackers Stolen $60 Billion Worth of Cryptocurrency in the Zaif Cyberheist,
The medium, retrieved on 5th October 2018, from
https://medium.com/@william_harvey/hackers-stolen-60-billion-worth-of-cryptocurrency-in-
the-zaif-cyberheist-8eab8786b806
Sunny, S. (2018). Crypto Heist: Hackers Steal $60 Million from Japanese Crypto Exchange Zaif,
Retrieved on 5th October 2018, from https://smartereum.com/34009/crypto-heist-hackers-steal-
60-million-from-japanese-crypto-exchange-zaif/
Bubbly, C. (2018). $60 Billion Worth of Cryptocurrency Stolen in the Zaif Cyberheist, Retrieved
on 5th October 2018, from https://cryptocurrency-news.mobi/?p=85921
28
also becoming more and smarter and the rise of hacktivism in past few years gives a clear idea
for accumulative civil society engagement in issues related to administration of internet and
information security. It is foreseen that natives will require more noteworthy straightforwardness
and responsibility from their administration suppliers and governments, and independence over
their information.
References
Jones, K. (2018). $60 Billion Worth of Cryptocurrency Stolen in the Zaif Cyberheist, Hacker
Combat Community, Retrieved on 5th October 2018, from https://hackercombat.com/60-billion-
worth-of-cryptocurrency-stolen-in-the-zaif-cyberheist/
Harvey, W. (2018). Hackers Stolen $60 Billion Worth of Cryptocurrency in the Zaif Cyberheist,
The medium, retrieved on 5th October 2018, from
https://medium.com/@william_harvey/hackers-stolen-60-billion-worth-of-cryptocurrency-in-
the-zaif-cyberheist-8eab8786b806
Sunny, S. (2018). Crypto Heist: Hackers Steal $60 Million from Japanese Crypto Exchange Zaif,
Retrieved on 5th October 2018, from https://smartereum.com/34009/crypto-heist-hackers-steal-
60-million-from-japanese-crypto-exchange-zaif/
Bubbly, C. (2018). $60 Billion Worth of Cryptocurrency Stolen in the Zaif Cyberheist, Retrieved
on 5th October 2018, from https://cryptocurrency-news.mobi/?p=85921
28
Cybercrime-Research and Discussion
Crime-Case 7
Data stolen in credit union cyber attack
On May 9, 2018 it was revealed that Sheffield Credit Union, UK based firm has become victim
to a cyber-attack in which personal data related to approximately 15000 customers have been
stolen. The type of data that was stolen included names, addresses and national insurance
numbers of the credit union customers as reported by the officials. The attack happened after a
security breach in IT department systems.
As per the reports the attack happened in the month of February this year but all news regarding
this was kept under the table and was revealed only after hackers demanded ransom and
threatened to publicize entire data in case credit union fails to pay the ransom. The police
officials at South Yorkshire had claimed that they were already reported and working on this
issue since it happened. They also stated that they are working in collaboration with Action
Fraud.
The credit union SCU is claiming that this kind of breach can be a threat to the victim customers
and they can be deceived in case hackers use any of their personal data. In a report issued by the
authorized persons at SCU it has been stated that “It is to inform all the members of SCU that
their credit union became victim to a major cyber-attack during the month of February but it was
only detected now after the call of ransom has been received. The attack might have taken place
on 14th February, 2018”. It was also reported that they have warned the victim customers that this
attack might expose them to attempts to defraud, cold calling or text messaging in their name.
The letter additionally expressed saying that since the data has been stolen, they have
"investigated and expanded" their security and points of interest of the assault has even been
29
Crime-Case 7
Data stolen in credit union cyber attack
On May 9, 2018 it was revealed that Sheffield Credit Union, UK based firm has become victim
to a cyber-attack in which personal data related to approximately 15000 customers have been
stolen. The type of data that was stolen included names, addresses and national insurance
numbers of the credit union customers as reported by the officials. The attack happened after a
security breach in IT department systems.
As per the reports the attack happened in the month of February this year but all news regarding
this was kept under the table and was revealed only after hackers demanded ransom and
threatened to publicize entire data in case credit union fails to pay the ransom. The police
officials at South Yorkshire had claimed that they were already reported and working on this
issue since it happened. They also stated that they are working in collaboration with Action
Fraud.
The credit union SCU is claiming that this kind of breach can be a threat to the victim customers
and they can be deceived in case hackers use any of their personal data. In a report issued by the
authorized persons at SCU it has been stated that “It is to inform all the members of SCU that
their credit union became victim to a major cyber-attack during the month of February but it was
only detected now after the call of ransom has been received. The attack might have taken place
on 14th February, 2018”. It was also reported that they have warned the victim customers that this
attack might expose them to attempts to defraud, cold calling or text messaging in their name.
The letter additionally expressed saying that since the data has been stolen, they have
"investigated and expanded" their security and points of interest of the assault has even been
29
Cybercrime-Research and Discussion
passed on to applicable specialists which incorporate the police and ICO-Information
Commissioners Office.
Fiona Greaves, Chairwoman of trustees of Sheffield Credit Union, stated that “brute-force”
technique could have been used by the cyber-criminals to get the hold of all personal data.
During the attack, trial and error method has been used to crack the password and various
combinations of passwords have been tried before the actual password was detected by the
attackers.
Ms. Greaves also added that we understand the gravity of matter and handling it with the serious
urgency and SCU customers must not worry that the loss of the data is going to mean wholesale
fraud. We have informed this in the media and almost everyone got a hold of the news and they
are aware that in case they receive any text message in your name it could be someone else who
is in the possession of your data.
Credit union has advised their customers to continually monitor their bank accounts and report
immediately in case any kind of unusual activity is observed. They have also provided a toll free
helpline number to the customers which they can call in case they are concerned about their
account. They have been assured that as soon as the matter gets resolved they will be
acknowledged and for now they are on the initial stage to confirm anything.
In the edition published by Cyber Security Hub, this incident has been stated as the “Incident of
the month”. In news released on the SCU site, the credit association composed that in the wake
of the assault, "and various other comparative assaults on organizations substantial and little," its
point is to keep individuals "safe from con artists."
30
passed on to applicable specialists which incorporate the police and ICO-Information
Commissioners Office.
Fiona Greaves, Chairwoman of trustees of Sheffield Credit Union, stated that “brute-force”
technique could have been used by the cyber-criminals to get the hold of all personal data.
During the attack, trial and error method has been used to crack the password and various
combinations of passwords have been tried before the actual password was detected by the
attackers.
Ms. Greaves also added that we understand the gravity of matter and handling it with the serious
urgency and SCU customers must not worry that the loss of the data is going to mean wholesale
fraud. We have informed this in the media and almost everyone got a hold of the news and they
are aware that in case they receive any text message in your name it could be someone else who
is in the possession of your data.
Credit union has advised their customers to continually monitor their bank accounts and report
immediately in case any kind of unusual activity is observed. They have also provided a toll free
helpline number to the customers which they can call in case they are concerned about their
account. They have been assured that as soon as the matter gets resolved they will be
acknowledged and for now they are on the initial stage to confirm anything.
In the edition published by Cyber Security Hub, this incident has been stated as the “Incident of
the month”. In news released on the SCU site, the credit association composed that in the wake
of the assault, "and various other comparative assaults on organizations substantial and little," its
point is to keep individuals "safe from con artists."
30
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Cybercrime-Research and Discussion
They have also shared some useful tips with the customers in order to protect any such further
attacks which are:
Before passing on any kind of bank related information over phone, text message or
emails make sure that the person whom you are sending details is authorized and verified.
Never change your bank details on someone’s saying without proper verification.
Always open company’s website by typing the correct address in the browser.
Do not ever forget to log out after completing your work.
Though these yips have been given as a part of the SCU customer base but they are generally
appropriate for any kind of venture – as security groups direct mindfulness battles to teach staff
members about proactive digital conduct.
Introduction and Thesis
Cyber-crime is radically similar to other conventional crimes as both are concerned with an act
or omission of conduct that causes breaking of rules and policies. All of the cybercrimes stated in
this report depicts two common reasons of occurrence which are: Complexity: The PCs take a
shot at working frameworks and these working frameworks thusly are made out of a huge
number of codes. Human personality is error prone and it isn't conceivable that there probably
won't be a slip by at any stage. The digital lawbreakers exploit these lacunas and enter into the
PC framework.
The other reason I could find is Negligence: is firmly associated with human direct. It is
consequently extremely likely that while securing the PC framework there may be any
carelessness, which thus gives a digital criminal to obtain entrance and command over the PC
framework.
31
They have also shared some useful tips with the customers in order to protect any such further
attacks which are:
Before passing on any kind of bank related information over phone, text message or
emails make sure that the person whom you are sending details is authorized and verified.
Never change your bank details on someone’s saying without proper verification.
Always open company’s website by typing the correct address in the browser.
Do not ever forget to log out after completing your work.
Though these yips have been given as a part of the SCU customer base but they are generally
appropriate for any kind of venture – as security groups direct mindfulness battles to teach staff
members about proactive digital conduct.
Introduction and Thesis
Cyber-crime is radically similar to other conventional crimes as both are concerned with an act
or omission of conduct that causes breaking of rules and policies. All of the cybercrimes stated in
this report depicts two common reasons of occurrence which are: Complexity: The PCs take a
shot at working frameworks and these working frameworks thusly are made out of a huge
number of codes. Human personality is error prone and it isn't conceivable that there probably
won't be a slip by at any stage. The digital lawbreakers exploit these lacunas and enter into the
PC framework.
The other reason I could find is Negligence: is firmly associated with human direct. It is
consequently extremely likely that while securing the PC framework there may be any
carelessness, which thus gives a digital criminal to obtain entrance and command over the PC
framework.
31
Cybercrime-Research and Discussion
Cyber-attacks are unlikely to stop, undiminished and relentless. The reason rewards are too high
and work is too low, on top of that minimal chances of getting caught and punished for the
crime. The director and senior fellow of the Technology and Public Policy Program at the Center
for Strategic and International Studies, Mr. James Lewis has warned the society to be ready for
more intense cyber-attacks in the near future as they are not going to stop.
References
Kanye, J. (2018). Data stolen in Sheffield Credit Union cyber-attack, BBC News, Retrieved on
5th October 2018, from https://www.bbc.com/news/uk-england-south-yorkshire-44039296
Urnav, B. (2018). Sheffield Credit Union: Victim Of Cyber Hack, Latest Hacking News,
Retrieved on 5th October 2018, from https://latesthackingnews.com/2018/05/09/sheffield-credit-
union-victim-of-cyber-hack/
Gunderman, D. (2018). Incident Of The Week: 15K Accounts Breached At U.K. Credit Union,
Cyber Security Hub, Retrieved on 5th October 2018, from
https://www.cshub.com/attacks/news/incident-of-the-week-15k-accounts-breached-at-uk
Lewis, C. (2018). Cyber-attack affects thousands of members of Sheffield's Credit Union, The
Star News, Retrieved on 5th October 2018, from https://www.thestar.co.uk/news/cyber-attack-
affects-thousands-of-members-of-sheffield-s-credit-union-1-9153489
32
Cyber-attacks are unlikely to stop, undiminished and relentless. The reason rewards are too high
and work is too low, on top of that minimal chances of getting caught and punished for the
crime. The director and senior fellow of the Technology and Public Policy Program at the Center
for Strategic and International Studies, Mr. James Lewis has warned the society to be ready for
more intense cyber-attacks in the near future as they are not going to stop.
References
Kanye, J. (2018). Data stolen in Sheffield Credit Union cyber-attack, BBC News, Retrieved on
5th October 2018, from https://www.bbc.com/news/uk-england-south-yorkshire-44039296
Urnav, B. (2018). Sheffield Credit Union: Victim Of Cyber Hack, Latest Hacking News,
Retrieved on 5th October 2018, from https://latesthackingnews.com/2018/05/09/sheffield-credit-
union-victim-of-cyber-hack/
Gunderman, D. (2018). Incident Of The Week: 15K Accounts Breached At U.K. Credit Union,
Cyber Security Hub, Retrieved on 5th October 2018, from
https://www.cshub.com/attacks/news/incident-of-the-week-15k-accounts-breached-at-uk
Lewis, C. (2018). Cyber-attack affects thousands of members of Sheffield's Credit Union, The
Star News, Retrieved on 5th October 2018, from https://www.thestar.co.uk/news/cyber-attack-
affects-thousands-of-members-of-sheffield-s-credit-union-1-9153489
32
Cybercrime-Research and Discussion
Crime-Case 8
Cyber Attack on Dixons Carphone: 105K Payment Cards without Pin
Protection Compromised
A British Company, Dixon Carphone, who deals in the retailing of mobile phones and electrical
reported in June 2018 that they have become victim to a major cyber-attack and disclosed that
company’s payment data has been accessed in an unauthorized manner. It has been said by group
officials that approximately 6 million payment cards have been compromised under this attack.
The attack has been carried out by hacking one of the processors at Dixons Travel Stores and
Currys PC World.
It has been reported that out of the 6 million payment cards whose data has been accessed are pin
and chip protected and the data that has been stolen does not contain any details regarding CVV
codes, pin codes or any other authentication data which could help to reveal the identification of
the cardholder. Hence it is not possible to make any kind of purchase using these 5.8 million card
details. Conversely, the remaining number of cards which has been reported to be around 105
thousands is non-EU issued payment cards and these cards do not have the option of pin or chip
protection security so these cards can be misused to make any kind of online purchase.
Dixon Carphone also discovered about the 1.2 million non- financial records that has been
accessed during this attack. These records contain information related to personal data of
customers such as their name, email and address but it has been reported that no fraud has been
sensed related to this information too.
33
Crime-Case 8
Cyber Attack on Dixons Carphone: 105K Payment Cards without Pin
Protection Compromised
A British Company, Dixon Carphone, who deals in the retailing of mobile phones and electrical
reported in June 2018 that they have become victim to a major cyber-attack and disclosed that
company’s payment data has been accessed in an unauthorized manner. It has been said by group
officials that approximately 6 million payment cards have been compromised under this attack.
The attack has been carried out by hacking one of the processors at Dixons Travel Stores and
Currys PC World.
It has been reported that out of the 6 million payment cards whose data has been accessed are pin
and chip protected and the data that has been stolen does not contain any details regarding CVV
codes, pin codes or any other authentication data which could help to reveal the identification of
the cardholder. Hence it is not possible to make any kind of purchase using these 5.8 million card
details. Conversely, the remaining number of cards which has been reported to be around 105
thousands is non-EU issued payment cards and these cards do not have the option of pin or chip
protection security so these cards can be misused to make any kind of online purchase.
Dixon Carphone also discovered about the 1.2 million non- financial records that has been
accessed during this attack. These records contain information related to personal data of
customers such as their name, email and address but it has been reported that no fraud has been
sensed related to this information too.
33
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Cybercrime-Research and Discussion
National Crime Agency of Britain confirmed that they have undertaken the case and are
investigating on the matter with urgency. They are working in collaboration with National Cyber
Security Centre, Information Commissioner’s Office, Britain’s data protection regulator and the
Financial Conduct Authority.
NCA’s head of operations, Mike Hulett, said that the complex nature of the crime and all the
inquiries will take time to completely investigate the matter. Information Commissioner’s Office
(ICO) assured that it is communicating with FCA and NCSC and all other agencies on regular
basis to discover the attack’s impact on the customers.
In the year 2015, Warehouse division of Dixons Carphone group suffered a data breach and
earlier this year in the month of February they had been fined 533,240 USD by ICO. The
company paid the fine and got a rebate of 20 percent as they made payment early. The company
said that after the attack on warehouse in 2015 it has worked every time to secure its IT systems
in every possible manner. During year 2016, another company TalkTalk was fined similarly for
not able to meet their cyber security up to the needs and which has in turn enabled the hackers to
carry out the attack.
Alex Baldock, CEO at Dixons Carphone, expressed sorry and disappointment at the attack and
has assured customers that none of them will suffer any kind of loss regarding this. They have
admitted that it has been a mistake on their part to not able to secure the systems and they
consider that it’s their prime duty to protect customer’s data and they pour their heart at the
business but something has been fallen short and it happened.
Mr. Baldock has joined Dixon group in the month of April, 2018 and by May the company has to
close some of its shops owing to decreasing profits and it also resulted in a loss in company’s
34
National Crime Agency of Britain confirmed that they have undertaken the case and are
investigating on the matter with urgency. They are working in collaboration with National Cyber
Security Centre, Information Commissioner’s Office, Britain’s data protection regulator and the
Financial Conduct Authority.
NCA’s head of operations, Mike Hulett, said that the complex nature of the crime and all the
inquiries will take time to completely investigate the matter. Information Commissioner’s Office
(ICO) assured that it is communicating with FCA and NCSC and all other agencies on regular
basis to discover the attack’s impact on the customers.
In the year 2015, Warehouse division of Dixons Carphone group suffered a data breach and
earlier this year in the month of February they had been fined 533,240 USD by ICO. The
company paid the fine and got a rebate of 20 percent as they made payment early. The company
said that after the attack on warehouse in 2015 it has worked every time to secure its IT systems
in every possible manner. During year 2016, another company TalkTalk was fined similarly for
not able to meet their cyber security up to the needs and which has in turn enabled the hackers to
carry out the attack.
Alex Baldock, CEO at Dixons Carphone, expressed sorry and disappointment at the attack and
has assured customers that none of them will suffer any kind of loss regarding this. They have
admitted that it has been a mistake on their part to not able to secure the systems and they
consider that it’s their prime duty to protect customer’s data and they pour their heart at the
business but something has been fallen short and it happened.
Mr. Baldock has joined Dixon group in the month of April, 2018 and by May the company has to
close some of its shops owing to decreasing profits and it also resulted in a loss in company’s
34
Cybercrime-Research and Discussion
share market value by approximately 500 million pounds. Investment Director at AJ Bell, Russ
Mould, said these kinds of repeated attacks could tarnish the good will of the company and
destabilize customer’s interest in the company.
"The reality this just became visible currently on account of an audit of the organization's
frameworks and information and really happened in 2017 is likewise cause for some worry," he
said.
Since the information rupture goes back to a year ago it will be managed by the ICO under the
forces of the Data Protection Act 1998 and not the European Union General Data Protection
Regulation (GDPR) which became effective on May 25.
The most extreme conceivable money related punishment under the 1998 Act is 500,000 pounds
instead of 17 million pounds under GDPR.
35
share market value by approximately 500 million pounds. Investment Director at AJ Bell, Russ
Mould, said these kinds of repeated attacks could tarnish the good will of the company and
destabilize customer’s interest in the company.
"The reality this just became visible currently on account of an audit of the organization's
frameworks and information and really happened in 2017 is likewise cause for some worry," he
said.
Since the information rupture goes back to a year ago it will be managed by the ICO under the
forces of the Data Protection Act 1998 and not the European Union General Data Protection
Regulation (GDPR) which became effective on May 25.
The most extreme conceivable money related punishment under the 1998 Act is 500,000 pounds
instead of 17 million pounds under GDPR.
35
Cybercrime-Research and Discussion
Introduction and Thesis
Cyber-crime has become the most heinous crime of today’s generation and by every passing day
number of hacking groups and their attacking techniques are increasing. This imposes a serious
threat on the upcoming digital life we are dreaming of. All of the cases that has been discussed
here shows that hackers are trying to find a weakness within the company and as soon it find one
the gap is made wider and wider until the attack.
The reason for the assault happened in every one of the cases is by all accounts the carelessness,
the carelessness for taking appropriate safety efforts and fixing them at whatever point
fundamental, the carelessness for legitimately tending to the ruptures or utilization of
extraordinary validation administrations which could help in keeping the extortion in the lead
position.
In future the points of focus for the cyber criminals could be vital information resources such as
national identity cards of the citizens that are connected from their mobile number to their bank
accounts. The companies need to focus on personalization, globalized sensor proliferation and
data aggregation to be done within legal frameworks so that privacy and security is ensured.
Rapid PCs with enormous figuring power are being produced to help computerized reasoning
applications, apply autonomy and machine learning. The registering intensity of these machines
can undoubtedly break the present encryption advancements and cause devastation in the event
that they get under the control of a digital criminal.
36
Introduction and Thesis
Cyber-crime has become the most heinous crime of today’s generation and by every passing day
number of hacking groups and their attacking techniques are increasing. This imposes a serious
threat on the upcoming digital life we are dreaming of. All of the cases that has been discussed
here shows that hackers are trying to find a weakness within the company and as soon it find one
the gap is made wider and wider until the attack.
The reason for the assault happened in every one of the cases is by all accounts the carelessness,
the carelessness for taking appropriate safety efforts and fixing them at whatever point
fundamental, the carelessness for legitimately tending to the ruptures or utilization of
extraordinary validation administrations which could help in keeping the extortion in the lead
position.
In future the points of focus for the cyber criminals could be vital information resources such as
national identity cards of the citizens that are connected from their mobile number to their bank
accounts. The companies need to focus on personalization, globalized sensor proliferation and
data aggregation to be done within legal frameworks so that privacy and security is ensured.
Rapid PCs with enormous figuring power are being produced to help computerized reasoning
applications, apply autonomy and machine learning. The registering intensity of these machines
can undoubtedly break the present encryption advancements and cause devastation in the event
that they get under the control of a digital criminal.
36
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Cybercrime-Research and Discussion
References
Lomas, N. (2018). Dixons Carphone discloses data breach affecting 5.9M payment cards, 105k
of which were compromised, Retrieved on 5th October 2018, from
https://techcrunch.com/2018/06/13/dixons-carphone-discloses-data-breach-affecting-5-9m-
payment-cards-105k-of-which-were-compromised/
Harakk, K. (2018). 105K Payment Cards without Pin Protection Compromised in Cyber Attack
on Dixons Carphone, Retrieved on 5th October 2018, from
https://harakk.wordpress.com/2018/06/13/105k-payment-cards-without-pin-protection-
compromised-in-cyber-attack-on-dixons-carphone/
Davey, J. (2018). Britain's Dixons Carphone suffers cyber-attack on customer data, Reuters,
Retrieved on 5th October 2018, from https://www.reuters.com/article/us-dixons-carphone-
cybercrime/britains-dixons-carphone-suffers-cyber-attack-on-customer-data-idUSKBN1J90OL
Dogra, S. (2018). 105K Payment Cards Without Pin Protection Compromised in Cyber Attack
on Dixons Carphone, Retrieved on 5th October 2018, from
https://www.news18.com/news/tech/105k-payment-cards-without-pin-protection-compromised-
in-cyber-attack-on-dixons-carphone-1777097.html
37
References
Lomas, N. (2018). Dixons Carphone discloses data breach affecting 5.9M payment cards, 105k
of which were compromised, Retrieved on 5th October 2018, from
https://techcrunch.com/2018/06/13/dixons-carphone-discloses-data-breach-affecting-5-9m-
payment-cards-105k-of-which-were-compromised/
Harakk, K. (2018). 105K Payment Cards without Pin Protection Compromised in Cyber Attack
on Dixons Carphone, Retrieved on 5th October 2018, from
https://harakk.wordpress.com/2018/06/13/105k-payment-cards-without-pin-protection-
compromised-in-cyber-attack-on-dixons-carphone/
Davey, J. (2018). Britain's Dixons Carphone suffers cyber-attack on customer data, Reuters,
Retrieved on 5th October 2018, from https://www.reuters.com/article/us-dixons-carphone-
cybercrime/britains-dixons-carphone-suffers-cyber-attack-on-customer-data-idUSKBN1J90OL
Dogra, S. (2018). 105K Payment Cards Without Pin Protection Compromised in Cyber Attack
on Dixons Carphone, Retrieved on 5th October 2018, from
https://www.news18.com/news/tech/105k-payment-cards-without-pin-protection-compromised-
in-cyber-attack-on-dixons-carphone-1777097.html
37
Cybercrime-Research and Discussion
Group Analysis on Cyber-crimes
Cyber-attack or Cyber-crime alludes to any criminal movement perpetrated with the guide of or
in the field of the Internet and similar media communications, is both a new manifestation of old
attacks through another medium, and a special element of its own. In all manners it is related to
conventional crimes but four: physical absence of the perpetrator after committing the crime,
minimal resource requirement when the damage is potentially very large, too easy to commit and
sometimes not completely illegal.
Negligence of tightened security becomes the main cause during any cyber-attack. The
perception that it will never happen to me is the cause that cybercrimes are becoming so intense.
Company does not want to increase their security budget and hence ends suffering loss of
millions. Attack on banks is now becoming an every month issue. Every other month we hear of
one or the other bank looted for millions and nothing can they do about the lost money. This act
of gaining unauthorized access and using it for personal gain is called as Salami Attack. Another
kind of attack which is now-a-days very major issue is Email bombing. In this kind of attack fake
mails are sent to everyone on the database in the name good branded company’s like Samsung
and in case the link provided is being clicked by the user, hackers get a successful hold of the
user’s system and can gain access.
Everyday laws are changing to include all kinds of criminal activities that are arising on daily
basis but are they getting implemented well? One of the cyber-attack laws is: Computer Crime
Act 1997: According to this act it gives protection against all kind of criminal activity related to
computers for example, cracking of computer networks and systems, hacking, data transmission
in an illegal manner, unauthorized use of programs. But if hackers are never get caught then how
the law will help in protecting user rights.
38
Group Analysis on Cyber-crimes
Cyber-attack or Cyber-crime alludes to any criminal movement perpetrated with the guide of or
in the field of the Internet and similar media communications, is both a new manifestation of old
attacks through another medium, and a special element of its own. In all manners it is related to
conventional crimes but four: physical absence of the perpetrator after committing the crime,
minimal resource requirement when the damage is potentially very large, too easy to commit and
sometimes not completely illegal.
Negligence of tightened security becomes the main cause during any cyber-attack. The
perception that it will never happen to me is the cause that cybercrimes are becoming so intense.
Company does not want to increase their security budget and hence ends suffering loss of
millions. Attack on banks is now becoming an every month issue. Every other month we hear of
one or the other bank looted for millions and nothing can they do about the lost money. This act
of gaining unauthorized access and using it for personal gain is called as Salami Attack. Another
kind of attack which is now-a-days very major issue is Email bombing. In this kind of attack fake
mails are sent to everyone on the database in the name good branded company’s like Samsung
and in case the link provided is being clicked by the user, hackers get a successful hold of the
user’s system and can gain access.
Everyday laws are changing to include all kinds of criminal activities that are arising on daily
basis but are they getting implemented well? One of the cyber-attack laws is: Computer Crime
Act 1997: According to this act it gives protection against all kind of criminal activity related to
computers for example, cracking of computer networks and systems, hacking, data transmission
in an illegal manner, unauthorized use of programs. But if hackers are never get caught then how
the law will help in protecting user rights.
38
Cybercrime-Research and Discussion
Under recent cyber-attack such as Trickbot and WannaCry, the technology that has been used
found to be worm functionality which helped in spreading malware. Our exploration proposes
that more malware families will utilize this strategy one year from now in light of the fact that,
contrasted with numerous different strategies, a system traded off from worms spreads
considerably quicker. A typical destruction of the worm approach is that it tends to make more
clamor and can be identified quicker. Be that as it may, if programmers can figure out how to
resolve this wrinkle then this strategy can hoard a substantial number of casualties rapidly.
With more gadgets, including therapeutic gadget innovation, ready to interface straightforwardly
to the web, the Internet of Things is constantly growing. Internet of Things has various
advantages; more prominent network implies better information and examination. Be that as it
may, jars of worms are holding up to be opened, including information misfortune, information
control and unapproved access to gadgets.
The human services industry, specifically, should nearly look at another time of network to
guarantee quiet security. Keeping in mind the end goal to battle the danger, gadgets ought to
have strict confirmation, constrained access and intensely checked gadget to-gadget
correspondences. Vitally, these gadgets should be scrambled - a duty that is probably going to be
driven by outsider security suppliers.
39
Under recent cyber-attack such as Trickbot and WannaCry, the technology that has been used
found to be worm functionality which helped in spreading malware. Our exploration proposes
that more malware families will utilize this strategy one year from now in light of the fact that,
contrasted with numerous different strategies, a system traded off from worms spreads
considerably quicker. A typical destruction of the worm approach is that it tends to make more
clamor and can be identified quicker. Be that as it may, if programmers can figure out how to
resolve this wrinkle then this strategy can hoard a substantial number of casualties rapidly.
With more gadgets, including therapeutic gadget innovation, ready to interface straightforwardly
to the web, the Internet of Things is constantly growing. Internet of Things has various
advantages; more prominent network implies better information and examination. Be that as it
may, jars of worms are holding up to be opened, including information misfortune, information
control and unapproved access to gadgets.
The human services industry, specifically, should nearly look at another time of network to
guarantee quiet security. Keeping in mind the end goal to battle the danger, gadgets ought to
have strict confirmation, constrained access and intensely checked gadget to-gadget
correspondences. Vitally, these gadgets should be scrambled - a duty that is probably going to be
driven by outsider security suppliers.
39
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Cybercrime-Research and Discussion
Conclusion
The concern related to cyber-crimes and attacks happening are serious and infecting and
affecting target audiences in a bad manner and as discussed in this paper there is no relief
expected from all this in the near future. Year 2017 saw how the entities related to the
government of Saudi Arabia was attacked by a macro in word and an information stealing Trojan
was injected into the target computer. The hackers used malware scripts to stay and operate and
their network is so big that it becomes almost impossible to stop or catch them within a limited
time frame.
However, it’s not all doom and gloom- If hackers are advancing with their techniques so are the
protectors and security companies. There is much software available that guide on preparing and
protecting systems with utmost security.
Organizations must embrace a layered way to deal with security, utilizing both current
arrangements that utilization machine learning and conduct examination to hinder these
customary dangers and hostile to malware for the further developed. In addition, all staff
individuals must comprehend the gravity of the risk presented by obsolete programming with
customary instruction instructional meetings.
40
Conclusion
The concern related to cyber-crimes and attacks happening are serious and infecting and
affecting target audiences in a bad manner and as discussed in this paper there is no relief
expected from all this in the near future. Year 2017 saw how the entities related to the
government of Saudi Arabia was attacked by a macro in word and an information stealing Trojan
was injected into the target computer. The hackers used malware scripts to stay and operate and
their network is so big that it becomes almost impossible to stop or catch them within a limited
time frame.
However, it’s not all doom and gloom- If hackers are advancing with their techniques so are the
protectors and security companies. There is much software available that guide on preparing and
protecting systems with utmost security.
Organizations must embrace a layered way to deal with security, utilizing both current
arrangements that utilization machine learning and conduct examination to hinder these
customary dangers and hostile to malware for the further developed. In addition, all staff
individuals must comprehend the gravity of the risk presented by obsolete programming with
customary instruction instructional meetings.
40
Cybercrime-Research and Discussion
41
41
1 out of 42
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.