01.

Cyber crime refers to criminal activity where a computer or a network is the

source, tool, target, or site of a crime. Although the terms computer crime and cyber crime are more

properly restricted to describing criminal activity in which the computer or network is a necessary

part of the crime, these terms are also sometimes used to include crimes such as fraud, theft,

blackmail and forgery in which computers or networks are used. Cyber crimes of multiple kinds in

Pakistan have increased by five times over the past four years, officials say. According to the Cyber

Crime Unit (CCU), a branch of Pakistan’s Federal Investigation Agency (FIA), 62 cases were reported to

the unit in 2007, 287 cases in 2008 and while the ratio dropped in 2009, in 2010 more than 312 cases

were registered in different categories of cyber crimes. It has increased much more in the years 2013

and 2014. Rather than making good and constructive use of information technology, people are more

interested in its misuse. Many developed countries have introduced different policies and laws to

restrain the destructive use of cyber facilities but in Pakistan there is still a lack of a proper system to

deal with this. There are a number of cyber crimes in Pakistan, mainly involving pornography, sale of

illegal articles, intellectual property crime, email spoofing, cyber stalking, forgery, unauthorised

access to computer systems, hacking of social media accounts, theft of information contained in

electronic form, virus attacks, internet time theft, password cracking and financial cyber crimes (i.e.

hacking credit card numbers and bank accounts) and many more. People need to understand that

these are crimes. Government and law enforcement agencies are trying to come up with more

appropriate ways to regulate the internet and make more laws but it is a major task because cyber

laws vary from country to country. What is illegal in our country might not be illegal in other

countries so it is hard to regulate the internet. Some government departments in Pakistan are

working and doing their best to find ways to make the internet safer but I personally believe that

there is a lot more to be done. More serious steps have to be taken in order to solve these crimes and

to prevent them so that people feel secure when using the internet.

02.
Cyber crime is the one of the biggest threats all over the world. Almost all countries, including developing African countries, are
combating these threats with extreme legal measures. They have completed their legislation and now there are laws to tackle
cyber criminals.

Unfortunately Pakistan is one of the few countries where cyber crime laws are still in the pipeline waiting for
implementation. It is certainly not as if we don’t face that many cyber crimes here; In fact, Pakistan is currently
facing the following types of it:

Financial crimes

Cyber pornography

Sale of illegal articles

Online gambling

Intellectual property crimes

Email spoofing

Cyber stalking

Forgery

Unauthorised access to computer systems\networks

Theft of information contained in electronic form

Virus/worm attacks

Logic bombs

Trojan attacks

Internet time theft

Password cracking

Buffer overflow

03

Reporting of cybercrimes, especially the harassment and blackmailing of women,

has increased sharply in Pakistan in the last three years, DawnNewsTV reported
on Tuesday citing figures released by the Federal Investigation Agency (FIA).

The agency said that its cybercrime circle has so far conducted 2,295 inquiries, registered 255
cases and made 209 arrests in 2018 — all highest since the Prevention of Electronic Crimes Act
(Peca), 2016 was enforced.

The corresponding figures for 2017 were 1,290 inquiries, 207 cases registered and 160 arrests
made, whereas figures for 2016 stood at 514, 47 and 49.

The FIA admitted that cybercrimes are on the rise in Pakistan but added that "the government's
recent measure to establish 15 new cybercrime reporting centres" will help control the situation.

In June, FIA Cybercrimes Director retired Capt Mohammad Shoaib had told a Senate standing
committee that the agency only has 10 experts to investigate cybercrimes in the country.
 1. What kind of Complaints can be entertained by NR3C ?

The NR3C FIA can entertain the following category of complaints

o Un-Authorized Accessed (Physical Information system, digital
data, personal Identity)
o Email hacking, Fake id on social media (Facebook, Twitter,
Google Plus)
o Online Fund Transfer Fraud through bank, ATM, Easy paisa,
U-paisa, Time pay or any other online fund transfer facility
o Impersonation and defamation on social media (
Facebook, Twitter, Google Plus

CYBER CRIME

Any activity commissioned via computer, digital devices and networks

used in the cyber realm, and is facilitated through the internet medium.
It can include the distant theft of information belonging to an
individual, government or corporate sector through criminal tress-
passing into unauthorized remote systems around the world. It includes
from stealing millions of rupees from online bank to harassing and
stalking cyber users.
Cyber Crime also includes sending viruses on different systems, or
posting defamation messages. Commission of cyber crime can be:
o The computer as a target-attacking the computers (e.g
spreading viruses etc)
o The computer as a weapon-to commits fraud or illegal
gambling
o The computer as an accessory- to store illegal or stolen
information
CYBER CRIME: THE FACTS
o Cyber crime has now surpassed illegal drug trafficking as a
criminal moneymaker
o Somebody’s identity is stolen every 3 seconds as a result of
cyber crime
o Without a sophisticated security package, your unprotected
PC can become infected within four minutes of connecting
to the Internet.

MAJOR ONLINE ACTIVITIES

In Pakistan, internet users range from 10% to 16% of the overall

population
o Social networking
o Online banking
o Internet surfing
o Audio & video communication
o Entertainment
o Online shopping
o Map directions / GPS
o Online education
o Online auction
o Information sharing
o Medical assistance
o Online games

CYBER CRIME CATEGORIES

 Hacking  Computer viruses and worms

 Identity theft  Malicious Software
 Cyber Bullying  Intellectual propertyrights
 Cyber Stalking  Money Laundering
 Financial fraud  Denial of Service attack
  Digital Piracy  Electronic Terrorism, Vandalism and
Extortion

CYBER CRIME CATEGORIES

HACKING

Trying to get into computer systems in order to steal, corrupt, or

illegitimately view data. Hacking comes from the term “hacker”, who is
an expert in computer programming languages and systems. Hacking,
in this sense, means using unusually complex and clever methods to
make computers do things. For some time, however, the popular press
has used the word “hacker” and “hacking” in a negative way to refer
to individuals who try to get into computer systems in order to steal,
corrupt, or illegitimately view data. Hackers themselves maintain that
the proper term for such individuals is “cracker”, and that their activities
should be called cracking. However, in order to be consistent with the
most common usage of the word, we use “hacking” here to refer to
unauthorized access

WEBSITE DEFACEMENT

Website defacement is an attack on a website that changes the visual

appearance of the site or a webpage. This is typically the work of
system crackers, who break into a web server and replace the hosted
website with one of its own. The most common method of defacement
is using SQL Injections to log on to administrator accounts.
Defacements usually consist of an entire page. This page usually
includes the defacer’s pseudonym or “Hacking Codename.”
Sometimes, the Website Defacer makes fun of the system administrator
for failing to maintain server security. Most times, the defacement is
harmless, however, sometimes it can be used as a distraction to cover
up more sinister actions such as uploading malware or deleting
essential files from the server. NR3C has successfully investigated cases
relating to website defacement.
CYBER BULLYING

Cyber stalking (also called cyber harassment) is when someone uses

the Internet to threaten or make unwanted advances towards
someone else. This sort of harassment can cause physical, emotional,
and psychological damage to the victim. Children are particularly
vulnerable because of their trusting nature and give away their
personal information. This information later is used against them for
stalking purpose, therefore the NR3C officials advice that until the
person is not a trusted individual, no information should shared over the
internet.

CYBER STALKING

Using the Internet to threaten or make unwanted advances towards

someone else Cyber stalking (also called cyber harassment) is when
someone uses the Internet to threaten or make unwanted advances
towards someone else. This sort of harassment can cause physical,
emotional, and psychological damage to the victim. Children are
particularly vulnerable because of their trusting nature

CHILD PORNOGRAPHY

The internet evolution has made children a viable victim to the cyber
crime. As more homes have access to internet, children use the
internet and chances have increased where they can fall victim to the
aggression of pedophiles. The easy access to pornographic contents
available over the internet lowers the inhibition of the children.
Pedophiles lure the children by distributing pornographic material, and
try to meet them for sexual activities which also include collection of
their explicit photographs and videos. Mostly pedophiles try to contact
children in chat rooms posing as teenagers, and start to befriend them
to win their confidence.
Each year, countless children around the world fall prey to sexual
predators. These young victims are left with permanent psychological,
physical, and emotional scars. When a recording of that sexual abuse is
made or released onto the Internet, it lives on forever. It haunts the
children depicted in it, who live daily with the knowledge that countless
strangers use an image of their worst experiences for their own
gratification. NR3C, cyber crime unit has zero tolerance for pedophiles,
and is driven to make cyber space a safe place for our children.

SOCIAL ENGINEERING

Social engineering is a technique used by cyber criminals to get access

to confidential information. With social engineering, attackers use
manipulation and deceit to trick victims into giving out confidential
information. Some of the social engineering methods used by
attackers:
o Sending messages that contain dangerous attachments
(e.g. malware) with text that encourage people to open
the attachments.
o Pretending to be the main administrator of a local network
and asking for the victim’s password in order to perform a
maintenance check.
o Telling a victim over the phone that he/she has won a prize,
in return they ask for a credit card number to deliver it.
o o Asking for a user’s password for a certain Internet service,
such as a blog, and later use the same password to access
user’s computer. This technique works because users often
use the same passwords for many different portals.

DATA THEFT

Data theft is the act of stealing computer-based information from an

unknowing victim with the intent of compromising privacy or obtaining
confidential information. Data theft is increasingly a problem for
individual computer users, as well as big corporate firms. The following
categories are most common in data theft cases.
o E-commerce: You should make sure that your data is safe
from prying eyes when you sell or buy things on the Web.
Carelessness can lead to leaking your private account
information.
 o Password cracking: Intruders can access your machine and
get valuable data if it is not password-protected or its
password can be easily decoded (weak password).
o Eavesdropping: Data sent on insecure lines can be
wiretapped and recorded. If no encryption mechanism is
used, there is a good chance of losing your password and
other private information to the eavesdropper.
o Laptop theft: Increasingly incidents of laptop theft from
corporate firms occur with the valuable information stored in
the laptop being sold to competitors. Carelessness and lack
of laptop data encryption can lead to major losses for the
firm.

IDENTITY THEFT

Identity theft refers to a crime where an individual maliciously obtains

and uses another individuals personal/sensitive information to commit
frauds/scams by using the stolen identity. Mostly this crime is committed
for economic gain. The cyber criminal gains access to an individuals
information by stealing e-mail details, stored information on computer
databases, they eavesdrop over the networks to get hold of
transactions. Identity thefts includes but not limited to shoulder surfing,
dumpster diving, spamming, spoofing, phishing, and skimming. NR3C
has successfully investigated numerous cases of identity theft.

FINANCIAL FRAUD

Financial fraud is a criminal behavior in which a person uses wrong

methods to trick a victim out of his money. The Internet fraud scheme is
a common example of financial fraud, which includes emulated online
sales, retail schemes, business opportunity schemes, identity theft,
market manipulation schemes, and credit card schemes.

COMPUTER VIRUSES AND WORMS

A virus is a malicious program that passes from one computer to

another in the same way as a biological virus passes from one person
to another. Most viruses are written with a malicious intent, so that they
may cause damage to programs and data in addition to spreading
themselves. Viruses infect existing programs to alter the behavior of
programs, actively destroy data, and perform actions to storage
devices that render their stored data inaccessible.
A worm is a software program that uses computer networks and
security holes to replicate itself from one computer to another. It usually
performs malicious actions, such as using the resources of computers as
well as shutting down the computers

INTELLECTUAL PROPERTY RIGHTS

Intellectual property rights is concerned with any act that allows access
to patent, trade secrets, customer data, sales trends, and any
confidential information.

DENIAL OF SERVICE ATTACK

A Denial-of-Service (DoS) attack is mounted with the objective of

causing a negative impact on the performance of a computer or
network. It is also known as a network saturation attack or bandwidth
consumption attack. Attackers perform DoS attacks by sending a large
number of protocol packets to the network

CYBER CRIME PREVENTION TIPS

SECURE YOUR SMART PHONES

o Always secure your smartphone with a strong password
o Ensure that your device locks itself automatically
o Install security software
o Only download apps from approved sources
o Check your apps permissions
o Dont miss operating system updates
 o Be wary of any links you receive via email or text message
o Turn off automatic Wi-Fi connection
o When browsing or shopping on your phone (or computer),
always look for "https" in the url instead of "http"

SECURE YOUR ONLINE BANKING

o Never use same PIN CODE for multiple bank accounts
o Never use unprotected PCs at cybercafes for internet
banking
o Never keep your pin code and cards together
o Never leave the PC unattended when using internet
banking in a publicplace
o Register for Mobile SMS, Email Transaction Alerts
o Never reply to emails asking for your password or pin code
o Visit banks website by typing the URL in the address bar
o Log off and close your browser when you are done using
internet banking
o When using ATM always conceal keypad before entering
pin code
o Before using ATM, make sure that there is no extra device
installed in the surroundings

SECURE YOUR FACEBOOK

o Use extra security features to access account (security
code, Login alert etc)
o Use login notification alert
o Allow specific individuals to view your contents (Videos,
Photos and Friends etc.)
o Control who can contact you
o Block your profile from search engines
SECURE YOUR WI-FI
o Change Default Administrator Passwords and Usernames of
the Wi-Fi Router
o Use complex password and change Password after regular
intervals
o Position the Router or Access Point Safely
o Turn off the Network / Wi-Fi routers if it is not in use

SECURE YOUR BROWSING

o What you put online will always remain there
o Never trust any free online content
o Dont provide personal information online to get something
free
o Don’t click on links inside e-mails or messages

WHO IS A CYBER SCOUT

Cyber Scout is a student with unique aim to promote

awareness about cyber crime in the society. A Cyber
Scout is trained to identify cyber crime activities, and
equipped with adequate preventive knowledge to help
fight this menace. He understands the risks associated
with virtual socializing and he works to promote Cyber
safety in his surrounding environment. A Cyber Scout play
a vital role to create Cyber awareness among fellow
students, teachers and parents.

WHAT DO CYBER SCOUTS DO

Cyber Scouts are devoted volunteers to help Pakistan fight technology

driven crime, by general awareness trainings and other activities to
prevent cyber violence. These activities include:
- Cyber Crime Awareness Trainings
- Cyber crime preventive measures
- Parents and teachers Cyber Wise Guide dissemination
- Sharing informationwith NR3C
- Promote careful and responsible use of cyber space
- Directing and helping individuals to report cyber crime
- Patrol cyber space
- Encourage good moral use of Technology

HOW TO BECOME A CYBER SCOUT

Cyber crime awareness campaign by NR3C, FIA, enrolls Cyber Scouts

from different schools and colleges to combat cyber crime at the grass
root level. These Cyber Scouts are selected by NR3C with an aim to
create a mass movement of Cyber Wise Environment among the
parents, teachers and children of varying ages.

COMPUTER FORENSICS

In today’s ever changing criminal world the use of computers for fraud
and the pursuit of other crimes has increased to dramatic proportions.
NR3C-FIA is a specialized department to deal with the computer crime.
Computer crime is not only about fraud – online or otherwise – it also
encompasses areas such as pornography, child sex abuse and the sale
of black market goods online. The wide range of data content present
in hard drives is potential evidence if seized from a crime scene. The
process of forensic acquisition, analysis and reporting of computer
storage devices is Computer Forensic. NR3C has state of the art
computer forensic facility, and posses leading forensic experts to deal
with all computer related crimes.

MOBILE FORENSICS

The increased utility of mobile devices such as smart phones has

leveraged the criminals to communicate and use digital application,
resultantly storing tremendous amount of data on the device. Criminals
use smart phones for a number of activities such as committing fraud
over e-mail, harassment through text messages, trafficking of child
pornography, communications related to narcotics, etc. The data
stored on smart phones is extremely useful to forensic analysts through
the course of an investigation. The forensic acquisition, analysis and
presentation of data content stored on mobile devices is known as
Mobile Forensics. NR3C since inception has dealt with numerous mobile
forensic cases, and also facilitates other government installations on
such technical assistance.

VIDEO FORENSICS

Video recordings can provide a realtime, eyewitness account of a

crime so investigators can watch or hear what transpired. For instance,
a surveillance video captures a bank robbery in progress, or a hidden
camera records . For most crimes, however, high quality video
recordings are often not available. This is where forensic video expertise
can help. Forensic experts have many techniques to enhance
recordings that can bring out details and provide a clearer picture of
what occurred. NR3C experts have engaged in numerous video
forensic investigation and have successfully identified criminals and
terrorist through this forensic method.

NETWORK FORENSICS

Network forensics is the capture, storage, and analysis of network

events. Regardless of the name, the idea is the same: record every
packet of network traffic (all emails, all database queries, all Web
browsing–absolutely all traffic of all kinds traversing an organization’s
network) to a single searchable repository so the traffic can be
examined in detail. It also includes the forensic examination of network
devices such as router, VOIP gateways, IDS/IDP etc. The network
device configuration and related data present in these devices is
important in cyber crime cases. NR3C has a specialized team to
investigate and process network forensic cases. They have successfully
analyzed numerous network forensic investigations in past.

TECHNICAL TRAINING

Development of human resource leverages the organizations to

perform efficiently. Trainings, seminars and workshops are instant source
of information that gives an edge to professionals to understand and
excel in their respective fields. NR3C over years has trained around
thousands of individuals of academia, law enforcement agencies,
judiciary, police academy, intelligence agencies etc. Trainings
disseminated in relation to digital forensic comprehension of
interpreting forensic reports, evidence extraction methods, laws
application to judicial community. 12, 458 individuals from all walks of
life ranging from a 6 grade kid to a decorated officers have been
trained by NR3C to serve the purpose cyber crime mitigation

ABOUT US

ABOUT NATIONAL RESPONSE CENTRE FOR CYBER CRIME (NR3C)

National Response Centre for Cyber Crime (NR3C) - FIA is a law

enforcement agency dedicated to fight cyber crime. Inception of this
Hi-Tech crime fighting unit transpired in 2007 to identify and curb the
phenomenon of technological abuse in society
National Reponse Centre for Cyber Crime (NR3C), is the latest
introduction to mandate of the FIA, primarily to deal with technology
based crimes in Pakistan. It is the only unit of its kind in the country and
in addition to the directly received complaints also assists other law
enforcement agencies in their own cases.
NR3C has expertise in Digital Forensics, Technical Investigation,
Information System Security Audits, Penetration Testing and Trainings.
The unit since its inception has been involved in capacity building of
the officers of Police, Intelligence, Judiciary, Prosecutors and other
Govt. organizations. NR3C has also conducted a large number of
seminars, workshops and training/awareness programs for the
academia, print/electronic media and lawyers. Cyber Scouts is the
latest initiative of NR3C, in which, selected students of different
private/public schools are trained to deal with computer emergencies
and spreading awareness amongst their fellow students, teachers and
parents.

VISION OF NR3C-FIA

A law enforcement agency that combats Cyber Crime, provides state

of the art digital forensic services, enjoys the respect in the society for its
integrity, professional competence, impartial attitude and serves as a
role model for provincial police forces.
MISSION OF NR3C-FIA

To achieve excellence by promoting culture of merit, enforcing

technology based law, extending continuous professional training,
ensuring effective internal accountability, encouraging use of
technology and possessing an efficient feedback mechanism.

CYBER RESCUE 9911

"Cyber Rescue Help line 9911" is round the clock 24/7 Cyber Crime
complaint registration service dedicated for the general public to
address their grievances. NR3C's dedicated personals are deputed on
the Cyber helpline to provide assistance regarding the Cyber Crime
related issues and complaint registration. This service provides one
window service to register a Cyber Crime complaint, and provide
assistance to public.
If you are a victim of Cyber Crime or have related questions, Dial 9911
from your phone/mobile and report your complaint.