
PROJECT REPORT

CYBER SECURITY

CONTENT

1. CYBER SECURITY
1.1.1 WHAT IS CYBER SECURITY
1.1.2 WHY IS CYBER SECURITY IMPORTANT
1.2 HOMELAND SECURITY
1.2.1 INTRODUCTION
1.2.2 EVOLUTION OF HOMELAND SECURITY CONCEPT
1.2.3 WHAT DHS DO IN HOMELAND SECURITY
1.2.4 DIVISION IN HOMELAND SECURITY INVESTIGATION
1.2.5 GOALS OF HOMELAND SECURITY
1.2.6 CONCLUSION
2. CYBER CRIME
2.0.1 INTRODUCTION
2.0.2 WHAT IS CYBER CRIME
2.0.3 CAUSE OF CYBER CRIME
2.0.4 TYPES OF CYBER CRIME
2.0.5 HOW TO ERADICATE CYBER CRIME
2.1.0 ESTONIA CASE
2.1.1 INTRODUCTION
2.1.2 ETHNIC TENSIONS IN ESTONIA
2.1.3 MULTINATIONAL RESPONSES TO CYBER TERROR
2.1.4 CONCLUSION
2.2.0 ATHENS AFFAIR: THE WIRETAP CASE
2.2.1 INTRODUCTION
2.2.2 DISCOVERY OF ILLEGAL TAPS
2.2.3 FALLOUT
2.2.4 CONCLUSION

1.1.1 WHAT IS CYBER SECURITY?

Cyber security, also referred to as information technology security, focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.

1.1.2 WHY IS CYBER SECURITY IMPORTANT?

Governments, military, corporations, financial institutions, hospitals and other businesses collect, process and store a great deal of confidential information on computers and transmit that data across networks to other computers.

With the growing volume and sophistication of cyber attacks, ongoing attention is required to protect sensitive business and personal information, as well as safeguard national security. During a Senate hearing in March 2013, the nation's top intelligence officials warned that cyber attacks and digital spying are the top threat to national security, eclipsing terrorism.

CYBER CRIME

2.0.1 INTRODUCTION

Over the past twenty years, unscrupulous computer users have continued to use the computer to commit crimes; this has greatly fascinated people and evoked a mixed feeling of admiration and fear. This phenomenon has seen a sophisticated and unprecedented increase recently and has called for a quick response in providing laws that would protect cyberspace and its users. The level of sophistication has risen to the point of using the system to commit murder and other havoc.

This work seeks to define the concept of cyber-crime, identify the reasons for cyber-crime and how it can be eradicated, and look at those involved and the reasons for their involvement. We also look at how best to detect a criminal mail and, in conclusion, proffer recommendations that would help in checking the increasing rate of cyber-crimes and criminals.

2.0.2 WHAT IS CYBER CRIME?


Cyber-crime by definition is any harmful act committed from or against a computer or network. According to McConnell International, cyber crimes differ from most terrestrial crimes in four ways: firstly, they are easy to learn; secondly, they require few resources relative to the potential damage caused; thirdly, they can be committed in a jurisdiction without being physically present in it; and fourthly, they are often not clearly illegal.

Another definition, given by the Director of the Computer Crime Research Centre (CCRC) during an interview on the 27th April 2004, is that "Cyber-Crime" (computer crime) is any illegal behaviour directed by means of electronic operations that targets the security of computer systems and the data processed by them. In essence, cyber-crime is crime committed in a virtual space, and a virtual space is fashioned in a way that information about persons, objects, facts, events, phenomena or processes is represented in mathematical, symbolic or any other form and transferred through local and global networks.

From the above, we can deduce that cyber crime has to do with wreaking havoc on computer data or networks through interception, interference or destruction of such data or systems. It involves committing crime against computer systems or the use of the computer in committing crimes.

2.0.3 CAUSES OF CYBER CRIME


There are many reasons why cyber-criminals commit cyber-crime; chief among them are the three listed below.

Cyber crimes can be committed for the sake of recognition. This is basically committed by youngsters who want to be noticed and to feel that they belong among the big and tough guys in society. They do not mean to hurt anyone in particular; they fall into the category of the Idealists, who just want to be in the spotlight.

Another cause of cyber-crime is to make quick money. This group is greed-motivated and consists of career criminals, who tamper with data on the net or system, especially e-commerce and e-banking data, with the sole aim of committing fraud and swindling money off unsuspecting customers.

Thirdly, cyber-crime can be committed to fight a cause one thinks he believes in, to cause threat and, most often, damage that affects the recipients adversely. This is the most dangerous of all the causes of cyber-crime. Those involved believe that they are fighting a just cause and so do not mind who or what they destroy in their quest to get their goals achieved. These are the cyber-terrorists.

2.0.4 TYPES OF CYBER CRIME

Theft of telecommunication services
Communication in furtherance of criminal conspiracies
Telecommunication piracy
Dissemination of offensive material
Electronic money laundering and tax evasion
Electronic vandalism, terrorism and extortion
Sales and investment fraud
Illegal interception of telecommunications
Electronic funds transfer fraud

2.0.5 CYBER CRIME HOW TO ERADICATE

Research has shown that no law can be put in place to effectively eradicate the scourge of cyber-crime. Attempts have been made locally and internationally, but these laws still have shortcomings. What constitutes a crime in one country may not in another, so this has always made it easy for cyber criminals to go free after being caught.

It has been proven that they help big companies and governments see security holes which career criminals or even cyber-terrorists could use to attack them in future. Most often, companies engage them as consultants to help them build solid security for their systems and data. The Idealists often help society: through their highly mediatised and individually harmless actions, they help important organizations to discover their high-tech security holes. The enforcement of law on them can only trigger trouble, because they would not stop but would want to defy the law. Moreover, if the goal of cyber-crime legislation is to eradicate cyber-crime, it might well eradicate instead a whole new culture. Investment in education is a much better way to prevent their actions.

Another means of eradicating cyber-crime is to harmonize international cooperation and law; this goes for the greed-motivated and the cyber-terrorists. They cannot be fought by education, because they are already established criminals, so they cannot behave. The only appropriate way to fight them is by enacting new laws, harmonizing international legislation and encouraging coordination and cooperation between national law enforcement agencies.

HOMELAND SECURITY

1.2.1 INTRODUCTION

Homeland security is an American umbrella term for "the national effort to ensure a homeland that is safe, secure, and resilient against terrorism and other hazards where American interests, aspirations, and ways of life can thrive" to the "national effort to prevent terrorist attacks within the United States, reduce the vulnerability of the U.S. to terrorism, and minimize the damage from attacks that do occur."

Ten years after the 9/11 terrorist attacks, policymakers continue to grapple with the definition of homeland security. Prior to 9/11, the United States addressed crises through the separate prisms of national defence, law enforcement, and emergency management. 9/11 prompted a strategic process that included a debate over and the development of homeland security policy. Today, this debate and development has resulted in numerous federal entities with homeland security responsibilities. For example, there are 30 federal entities that receive annual homeland security funding excluding the Department of Homeland Security (DHS). The Office of Management and Budget (OMB) estimates that 48% of annual homeland security funding is appropriated to these federal entities, with the Department of Defence (DOD) receiving approximately 26% of total federal homeland security funding. DHS receives approximately 52%.

1.2.2 Evolution of Homeland Security Concept

The concept of homeland security has evolved over the last decade. Homeland security as a concept was precipitated by the terrorist attacks of 9/11. However, prior to 9/11 such entities as the Gilmore Commission and the United States Commission on National Security discussed the need to evolve the way national security policy was conceptualized due to the end of the Cold War and the rise of radicalized terrorism. After 9/11, policymakers concluded that a new approach was needed to address the large-scale terrorist attacks. A presidential council and department were established, and a series of presidential directives were issued in the name of "homeland security". These developments established that homeland security was a distinct, but undefined concept. Later, the federal, state, and local government responses to disasters such as Hurricane Katrina expanded the concept of homeland security to include significant disasters, major public health emergencies, and other events that threaten the United States, its economy, the rule of law, and government operations. This later expansion of the concept of homeland security solidified it as something distinct from other federal government security operations such as homeland defence.

1.2.3 WHAT DHS DO IN HOMELAND SECURITY

DHS Science and Technology Directorate (S&T) strengthens America's security and resiliency by providing knowledge products and innovative technology solutions for the Homeland Security Enterprise (HSE). Homeland Security Advanced Research Projects Agency (HSARPA) focuses on identifying, developing, and transitioning technologies and capabilities to counter chemical, biological, explosive, and cyber terrorism threats, as well as protect our nation's borders and infrastructure. HSARPA divisions work directly with DHS components to better understand and address their high-priority requirements and define operational context by conducting analyses of current missions, systems, and processes. This process ultimately identifies operational gaps where S&T can have the greatest impact on operating efficiency and increasing capability. In addition, Apex Technology Engines (Engines) power open innovation by harnessing subject matter experts and capabilities across DHS. Efforts include basic technical evaluations, knowledge products, developmental improvements, full life-cycle research, and piloting of new and existing technologies.

1.2.4 DIVISION IN HOMELAND SECURITY INVESTIGATION

To accomplish its mission, HSI is organized into the following divisions:

Borders and Maritime Security Division: Prevents contraband, criminals, and terrorists from entering the United States, while permitting the lawful flow of commerce and visitors.

Chemical and Biological Defence Division: Detects, protects against, responds to, and recovers from biological or chemical threats and events.

Cyber Security Division: Creates a safe, secure, and resilient cyber environment.

Explosives Division: Detects, prevents, and mitigates explosives attacks against people and infrastructure.

Resilient Systems Division: Enhances resilience to prevent and protect against threats, mitigates hazards, responds to disasters, and expedites recovery.

1.2.5 GOALS OF HOMELAND SECURITY

Prevent and disrupt terrorist attacks;
Protect the American people, our critical infrastructure, and key resources;
Respond to and recover from incidents that do occur;
Continue to strengthen the foundation to ensure our long-term success.

1.2.6 CONCLUSION

ESTONIA CASE

2.1.1 Introduction

During the information age, the Internet has facilitated dramatic increases in worldwide interconnectivity and communication. This form of globalization has yielded benefits, such as improved standards of living in the developing world, but it has also given rise to new weapons of resistance for groups seeking to oppose certain political measures and ideologies. One demonstration of the latter point came about through the cyber attacks on Estonia in April and May 2007 by digital activists from the Russian diaspora. This article examines these fundamentally political attacks in cyberspace within the overall context of globalization. It argues that the situation that unfolded in Estonia in the spring of 2007 illustrates the increasing ability of transnational networks to use digital tools to challenge the policies and sovereignty of nation-states worldwide. However, the multinational responses to the Estonian cyber terrorist attacks demonstrate the growing interest of states in defending national sovereignty in the realm of cyberspace.

2.1.2 Ethnic Tensions in Estonia

Estonia and Russia have a long history of strife in their bilateral relationship, and the problems between these ethnic populations date back to hundreds of years before the existence of modern nation-states. Following the Soviet annexation of the Baltic States in 1940, and throughout the Cold War, the Kremlin relocated hundreds of thousands of ethnic Russians to Estonia. The purpose behind these mass migrations was two-fold: to increase cohesion in the Eastern Bloc and to "Russify" Estonian culture. Following the end of the Cold War and the dissolution of the U.S.S.R., the government in Tallinn implemented policies designed to minimize Russian influences on Estonian culture. And although Estonia joined NATO in 2004 and received the Atlantic Alliance's, distrust of Moscow's intentions remains strong. After several years of lobbying, Estonia recently received NATO contingency plans to protect the country in the event of a hypothetical Russian invasion. There are also reports that the government has even created house-to-house defence plans against Russian aggression.

The cyber attacks on Estonia occurred within the overall climate of tension between ethnic Estonians and the country's Russian minority population. On April 30, 2007, the government moved the Bronze Soldier, a memorial commemorating the Soviet liberation of Estonia from the Nazis, from Tõnismägi Park in central Tallinn to the Tallinn Military Cemetery. This decision sparked rioting among the Russian-speaking community, which comprised around 26 percent of Estonia's population in 2007. To ethnic Estonians, the Bronze Soldier symbolized Soviet oppression. But to Russian minorities, its relocation represented further marginalization of their ethnic identity. As Mary Kaldor and David Szakonyi argue, a perceived attack on the identity of a subordinate group is likely to provoke a nationalist backlash, as occurred in Estonia.

In addition to rioting and violence from April 27 to May 18, distributed denial-of-service (DDoS) cyber attacks targeting the country's infrastructure shut down the websites of all government ministries, two major banks, and several political parties. At one point, hackers even disabled the parliamentary email server. Estonian officials like Foreign Minister Urmas Paet quickly accused Russia of perpetrating the attacks, but European Commission and NATO technical experts were unable to find credible evidence of Kremlin participation in the DDoS strikes.

2.1.3 Multinational Responses to Cyber Terror

The 2007 cyber terrorism on Estonia was more than just a temporary nuisance; rather, it was a mild version of a new form of digital violence that could halt public services, commerce, and government operations. Estonian Defence Minister Jaak Aaviksoo observed that successful cyber attacks "can effectively be compared to when your ports are shut to the sea." A blockade is a fitting analogy, as future cyber-terrorist attacks may disrupt a country's water and electricity supplies, telecommunications (severing its connections to the world), and national defences.

The seriousness of the attacks on Estonia generated a rapid international response. Estonia had few formal cyber-defence preparations outside of its framework for countering traditional acts of terrorism, and the government Computer Emergency Response Team (CERT) required Finnish, German, Israeli, and Slovenian assistance to restore normal network operations. NATO CERTs provided additional assistance, while the EU's European Network and Information Security Agency (ENISA) offered expert technical assessments of the developing situation. Further, a high level of intelligence sharing took place among western countries during the crisis. While Russian-speaking hackers employed the Internet as a weapon and tool of mobilization, Estonia and its allies used digital networks to successfully counter the attacks.

During and after the DDoS strikes, NATO and EU member states began to debate new directions for cyber security and the appropriate punishments for states found to have engaged in digital warfare. Sanctions were one punishment option that received fairly widespread support. Additionally, one German official even recommended that NATO consider extending its Article 5 security guarantees to the realm of cyberspace. At its Bucharest Summit in April 2008, NATO adopted a unified Policy on Cyber Defence and created the Brussels-based Cyber Defence Management Authority (CDMA) to centralise cyber defence operational capabilities across the Alliance. And in August 2008, Tallinn became home to the NATO Cooperative Cyber Defence Centre of Excellence (CCDCE), the Atlantic Alliance's cyber-security headquarters. On the EU front, in November 2010, the organization released its Internal Security Strategy, which calls for integrated responses to cyber-security threats and significant expansion of ENISA's duties beyond its previously limited analytical role.

2.1.4 Conclusion

The severity of the Estonian cyber attacks served as a wake-up call to the world, as it became clear that potentially autonomous transnational networks like unhappy pro-Kremlin "hacktivists" could avenge their grievances by digitally targeting and nearly crippling the critical infrastructure of technically sophisticated nation-states. In the future, an enhanced focus on cyber security and new multinational strategies and institutions will be instrumental in countering electronic threats to the sovereignty and survival of states. However, the world of information security is not unlike the traditional global security environment; for each visible action, there is oftentimes a commensurate reaction. The attacks on Estonia will likely encourage future groups of transnational imitators, and the events of spring 2007 have provided states with important information for the further development and improvement of their own cyber-warfare capabilities.

The benefits of the information age are numerous, but nascent threats like transnational cyber terrorism and information warfare exist alongside the positive aspects of globalization. In this period of IT-driven globalization, the attacks on Estonia demonstrate that even NATO Article 5 and U.S. nuclear umbrella guarantees cannot ensure the protection of the nation. Just as the world economy has adapted to the digital era, the Estonian cyber terrorism case indicates that the foreign and security policies of nation-states must also do so, as difficult-to-attribute asymmetric threats stemming from the Internet are likely to harm nation-states in the future.

ATHENS AFFAIR (THE WIRETAPPING CASE) (2004-2015)

2.2.1 INTRODUCTION

The Greek wiretapping case of 2004-2005, also referred to as Greek Watergate, involved the illegal tapping of more than 100 mobile phones on the Vodafone Greece network belonging mostly to members of the Greek government and top-ranking civil servants. The taps began sometime near the beginning of August 2004 and were removed in March 2005 without discovering the identity of the perpetrators.

The phones tapped included those of the Prime Minister Kostas Karamanlis and members of his family, the Mayor of Athens, Dora Bakoyannis, and the top officers at the Ministry of Defence, the Ministry of Foreign Affairs, the Ministry for Public Order, members of the ruling party, ranking members of the opposition Panhellenic Socialist Movement party (PASOK), the Hellenic Navy General Staff, the previous Minister of Defence and one locally hired Greek American employee of the American Embassy. Phones of Athens-based Arab businessmen were also tapped.

Foreign and Greek media have raised United States intelligence agencies as the main suspects. AFP reported that one Greek official stated on background that the likely initial penetration occurred during the run-up to the 2004 Athens Olympics, stating: "it is evident that the wiretaps were organized by foreign intelligence agencies, for security reasons related to the 2004 Olympic Games." The leader of the PASOK socialist opposition, George Papandreou, said that the Greek government itself had pointed towards the US as responsible for the wiretaps by giving up the zone of listening range, in which the US embassy was included.

2.2.2 DISCOVERY OF ILLEGAL TAPS

On January 24, 2005, an intruder update of exchange software resulted in customer text messages not being sent. Vodafone Greece sent firmware dumps of the affected exchanges to Ericsson for analysis. On March 4, 2005, Ericsson located the rogue code, 6500 lines of code written in the PLEX programming language used by Ericsson AXE switches. Writing such sophisticated code in a very esoteric language required a high level of expertise. Much of Ericsson's software development for AXE had been done by an Athens-based company named Intracom Telecom, so the skills needed to write the rogue software were likely available within Greece.

On March 7, 2005, Ericsson notified Vodafone of the existence of rogue wiretaps and software in their systems. The next day the general manager of the Greek Vodafone branch, George Koronias, asked for the software to be removed and deactivated. Because the rogue software was removed before law enforcement had an opportunity to investigate, the perpetrators were likely alerted that their software had been found and had ample opportunity to turn off the "shadow" phones to avoid detection. On March 9, the Network Planning Manager for Vodafone Greece, Kostas Tsalikidis, was found dead in an apparent suicide. According to several experts questioned by the Greek press, Tsalikidis was a key witness in the investigation of responsibility for the wiretaps. After a four-month investigation of his death, Supreme Court prosecutor Dimitris Linos said that the death of Kostas Tsalikidis was directly linked to the scandal. "If there had not been the phone tapping, there would not have been a suicide."

A preliminary judicial investigation was carried out, which, due to the complexity of the case, lasted until February 1, 2006. The preliminary investigation did not point out any persons connected with the case. The investigation was hindered by the fact that Vodafone disabled the interception system, and therefore locating the intercepting phones was no longer possible (the phones were apparently switched off), and that Vodafone had incorrectly purged all access logs. Police rounded up and questioned as suspects persons who called the monitoring phones, but all callers claimed they called these phones because their number was previously used by another person.

2.2.3 FALLOUT

The investigation into the matter was further hampered when Greek law enforcement officials began to make accusations at both Vodafone and Ericsson, which forced experts on the defensive. A recent appeal of the main opposition party, PASOK, to form an investigating parliamentary committee was rejected by the governing party.

In December 2006 Vodafone Greece was fined €76 million by the Communications Privacy Protection Authority, a Greek privacy watchdog group, for the illegal wiretapping of 106 cell phones. The fine was calculated as €500,000 for each phone that was eavesdropped on, as well as a €15 million fine for impeding their investigation.

On October 19, 2007, Vodafone Greece was again fined €19 million by EETT, the national telecommunications regulator, for alleged breach of privacy rules. In September 2011, new evidence emerged indicating the US Embassy in Athens was behind the telephone interceptions. The key evidence of complicity was that out of the 14 anonymous prepaid mobile phones used for the interception, three had been purchased by the same person at the same time as a fourth one. The fourth phone called mobile phones and landlines registered with the US Embassy in Athens. With a SIM card registered to the US Embassy, it also called two telephone numbers in Ellicott City and Catonsville, Maryland, both NSA bedroom communities. A criminal investigation was launched, and in February 2015, Greek investigators were finally able to finger a suspect, William George Basil, an NSA operative from a Greek immigrant background. Greek authorities have issued a warrant for the arrest of Basil, who has since gone into hiding.

2.2.4 CONCLUSION

So what can this affair teach us about how to protect phone networks? Once the infiltration was discovered, Vodafone had to balance the need for the continued operation of the network with the discovery and prosecution of the guilty parties. Unfortunately, the responses of Vodafone and that of Greek law enforcement were both inadequate. Through Vodafone's actions, critical data were lost or destroyed, while the perpetrators not only received a warning that their scheme had been discovered but also had sufficient time to disappear. In the telecommunications industry, prevailing best practices require that the operator's policies include procedures for responding to an infiltration, such as a virus attack: retain all data, isolate the part of the system that's been broken into as much as possible, coordinate activities with law enforcement.

Of course, in countries where such high-tech crimes are rare, it is unreasonable to expect to find a crack team of investigators. Could a rapid deployment force be set up to handle such high-profile and highly technical incidents? We'd like to see the international police organization Interpol create a cyber forensics response team that countries could call on to handle such incidents.